diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index 0502027..c60eb2c 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.1" + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8185,7 +11950,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8305,7 +12070,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8315,6 +12079,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8348,87 +12113,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index 184daaf..5d230e9 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json index d787114..38d8f73 100644 --- a/docs/security/agent/grype-25.10.10.json +++ b/docs/security/agent/grype-25.10.10.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,2384 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3371,59 +6285,207 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3431,21 +6493,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3459,19 +6521,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3481,34 +6538,42 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3516,7 +6581,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3534,7 +6599,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3568,31 +6633,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3600,53 +6679,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3667,7 +6746,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } @@ -3706,31 +6785,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3738,29 +6825,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -3768,10 +6857,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 3.9, + "exploitabilityScore": 1.4, "impactScore": 2.6 }, "vendorMetadata": {} @@ -3779,10 +6868,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3797,21 +6894,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3825,13 +6922,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6939,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3874,42 +6979,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3924,21 +7034,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -3952,23 +7062,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -3980,31 +7084,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4012,42 +7124,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4062,21 +7179,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4090,23 +7207,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4118,31 +7229,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +7269,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +7324,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +7352,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +7374,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.10" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4379,41 +7559,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4428,21 +7615,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4456,13 +7643,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4473,31 +7660,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4505,46 +7700,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7756,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4580,14 +7784,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7812,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4629,41 +7852,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4678,21 +7908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4706,23 +7936,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7968,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4766,41 +8008,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4815,21 +8064,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4843,23 +8092,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4871,31 +8124,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4903,53 +8170,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4964,21 +8247,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4992,13 +8275,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5009,31 +8292,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5041,46 +8332,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +8392,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5116,53 +8420,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5170,39 +8477,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5217,21 +8537,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5245,53 +8565,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5299,39 +8633,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5346,21 +8694,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5374,17 +8722,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8750,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8790,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8832,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5503,19 +8860,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8877,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5557,51 +8917,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5609,21 +8959,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5637,48 +8987,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5686,44 +9055,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5738,21 +9097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5766,59 +9125,71 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5826,45 +9197,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5879,21 +9239,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5907,23 +9267,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5958,8 +9322,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6012,8 +9384,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6096,8 +9476,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6149,8 +9537,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6233,8 +9629,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6287,8 +9697,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6382,8 +9806,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6430,12 +9868,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6456,7 +10062,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -6495,20 +10101,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6516,10 +10122,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6527,31 +10141,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6559,10 +10172,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6570,10 +10183,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6588,21 +10209,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6616,13 +10237,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6633,31 +10254,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6665,62 +10286,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6728,21 +10334,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6756,14 +10362,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6773,31 +10390,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6805,59 +10422,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6865,21 +10470,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6896,11 +10501,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6932,9 +10548,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6942,7 +10566,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -6957,6 +10581,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -6973,9 +10609,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7251,7 +10895,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7371,7 +11015,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7381,6 +11024,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7414,87 +11058,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index ab892f0..8ebf5ea 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md @@ -7,34 +7,42 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -42,19 +50,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.11.json b/docs/security/agent/grype-25.10.11.json index 3470e24..6f65e96 100644 --- a/docs/security/agent/grype-25.10.11.json +++ b/docs/security/agent/grype-25.10.11.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,2384 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.11" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3371,59 +6285,207 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3431,21 +6493,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3459,19 +6521,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3481,34 +6538,42 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3516,7 +6581,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3534,7 +6599,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3568,31 +6633,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3600,53 +6679,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3667,7 +6746,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } @@ -3706,31 +6785,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3738,29 +6825,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -3768,10 +6857,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 3.9, + "exploitabilityScore": 1.4, "impactScore": 2.6 }, "vendorMetadata": {} @@ -3779,10 +6868,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3797,21 +6894,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3825,13 +6922,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6939,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3874,42 +6979,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3924,21 +7034,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -3952,23 +7062,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -3980,31 +7084,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4012,42 +7124,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4062,21 +7179,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4090,23 +7207,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4118,31 +7229,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +7269,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +7324,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +7352,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +7374,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.11" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4379,41 +7559,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4428,21 +7615,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4456,13 +7643,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4473,31 +7660,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4505,46 +7700,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7756,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4580,14 +7784,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7812,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4629,41 +7852,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4678,21 +7908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4706,23 +7936,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7968,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4766,41 +8008,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4815,21 +8064,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4843,23 +8092,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4871,31 +8124,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4903,53 +8170,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4964,21 +8247,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4992,13 +8275,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5009,31 +8292,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5041,46 +8332,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +8392,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5116,53 +8420,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5170,39 +8477,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5217,21 +8537,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5245,53 +8565,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5299,39 +8633,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5346,21 +8694,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5374,17 +8722,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8750,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8790,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8832,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5503,19 +8860,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8877,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5557,51 +8917,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5609,21 +8959,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5637,48 +8987,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5686,44 +9055,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5738,21 +9097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5766,59 +9125,71 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5826,45 +9197,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5879,21 +9239,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5907,23 +9267,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5958,8 +9322,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6012,8 +9384,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6096,8 +9476,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6149,8 +9537,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6233,8 +9629,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6287,8 +9697,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6382,8 +9806,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6430,12 +9868,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6456,7 +10062,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -6495,20 +10101,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6516,10 +10122,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6527,31 +10141,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6559,10 +10172,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6570,10 +10183,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6588,21 +10209,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6616,13 +10237,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6633,31 +10254,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6665,62 +10286,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6728,21 +10334,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6756,14 +10362,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6773,31 +10390,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6805,59 +10422,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6865,21 +10470,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6896,11 +10501,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6932,9 +10548,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6942,7 +10566,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -6957,6 +10581,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -6973,9 +10609,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7251,7 +10895,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7371,7 +11015,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7381,6 +11024,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7414,87 +11058,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.11.md b/docs/security/agent/grype-25.10.11.md index 3a92d6f..57b4a32 100644 --- a/docs/security/agent/grype-25.10.11.md +++ b/docs/security/agent/grype-25.10.11.md @@ -7,34 +7,42 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -42,19 +50,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.12.json b/docs/security/agent/grype-25.10.12.json index 1589224..ef45949 100644 --- a/docs/security/agent/grype-25.10.12.json +++ b/docs/security/agent/grype-25.10.12.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,2384 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.12" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3371,59 +6285,207 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3431,21 +6493,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3459,19 +6521,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3481,34 +6538,42 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3516,7 +6581,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3534,7 +6599,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3568,31 +6633,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3600,53 +6679,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3667,7 +6746,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } @@ -3706,31 +6785,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3738,29 +6825,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -3768,10 +6857,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 3.9, + "exploitabilityScore": 1.4, "impactScore": 2.6 }, "vendorMetadata": {} @@ -3779,10 +6868,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3797,21 +6894,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3825,13 +6922,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6939,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3874,42 +6979,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3924,21 +7034,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -3952,23 +7062,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -3980,31 +7084,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4012,42 +7124,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4062,21 +7179,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4090,23 +7207,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4118,31 +7229,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +7269,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +7324,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +7352,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +7374,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.12" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4379,41 +7559,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4428,21 +7615,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4456,13 +7643,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4473,31 +7660,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4505,46 +7700,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7756,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4580,14 +7784,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7812,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4629,41 +7852,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4678,21 +7908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4706,23 +7936,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7968,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4766,41 +8008,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4815,21 +8064,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4843,23 +8092,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4871,31 +8124,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4903,53 +8170,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4964,21 +8247,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4992,13 +8275,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5009,31 +8292,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5041,46 +8332,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +8392,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5116,53 +8420,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5170,39 +8477,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5217,21 +8537,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5245,53 +8565,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5299,39 +8633,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5346,21 +8694,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5374,17 +8722,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8750,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8790,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8832,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5503,19 +8860,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8877,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5557,51 +8917,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5609,21 +8959,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5637,48 +8987,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5686,44 +9055,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5738,21 +9097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5766,59 +9125,71 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5826,45 +9197,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5879,21 +9239,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5907,23 +9267,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5958,8 +9322,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6012,8 +9384,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6096,8 +9476,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6149,8 +9537,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6233,8 +9629,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6287,8 +9697,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6382,8 +9806,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6430,12 +9868,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6456,7 +10062,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -6495,20 +10101,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6516,10 +10122,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6527,31 +10141,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6559,10 +10172,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6570,10 +10183,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6588,21 +10209,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6616,13 +10237,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6633,31 +10254,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6665,62 +10286,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6728,21 +10334,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6756,14 +10362,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6773,31 +10390,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6805,59 +10422,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6865,21 +10470,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6896,11 +10501,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6932,9 +10548,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6942,7 +10566,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -6957,6 +10581,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -6973,9 +10609,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7251,7 +10895,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7371,7 +11015,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7381,6 +11024,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7414,87 +11058,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.12.md b/docs/security/agent/grype-25.10.12.md index 59ce6e0..ab59c2f 100644 --- a/docs/security/agent/grype-25.10.12.md +++ b/docs/security/agent/grype-25.10.12.md @@ -7,34 +7,42 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -42,19 +50,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index f308871..15d2677 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.2" + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index ccd7a6d..c7342df 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 40c392c..5945c2c 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.3" + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index 97f51ba..f7c91e4 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index ff87e07..cfebb46 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.3" + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index e2faf70..b26f4a5 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index 47227c5..c1834f6 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.4" + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index 8fc5b00..e23be89 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index c968406..3bb1410 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.6" + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 0c60163..285e53d 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 08bff27..33ea4f8 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.10.6" + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index cb07971..4f92d43 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index a242bb5..ab75534 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,2384 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.024225 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3371,59 +6285,207 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3431,21 +6493,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3459,19 +6521,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3481,34 +6538,42 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3516,7 +6581,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3534,7 +6599,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3568,31 +6633,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3600,53 +6679,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3667,7 +6746,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } @@ -3706,31 +6785,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3738,29 +6825,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -3768,10 +6857,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, + "baseScore": 3.9, + "exploitabilityScore": 1.4, "impactScore": 2.6 }, "vendorMetadata": {} @@ -3779,10 +6868,18 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3797,21 +6894,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3825,13 +6922,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6939,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3874,42 +6979,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3924,21 +7034,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -3952,23 +7062,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -3980,31 +7084,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4012,42 +7124,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4062,21 +7179,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4090,23 +7207,17 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4118,31 +7229,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +7269,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +7324,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +7352,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +7374,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.8" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4379,41 +7559,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4428,21 +7615,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4456,13 +7643,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4473,31 +7660,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4505,46 +7700,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7756,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4580,14 +7784,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7812,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4629,41 +7852,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4678,21 +7908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4706,23 +7936,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7968,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4766,41 +8008,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4815,21 +8064,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4843,23 +8092,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4871,31 +8124,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4903,53 +8170,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4964,21 +8247,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4992,13 +8275,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5009,31 +8292,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5041,46 +8332,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +8392,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5116,53 +8420,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5170,39 +8477,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5217,21 +8537,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5245,53 +8565,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5299,39 +8633,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5346,21 +8694,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5374,17 +8722,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8750,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8790,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8832,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5503,19 +8860,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8877,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5557,51 +8917,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5609,21 +8959,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5637,48 +8987,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5686,44 +9055,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5738,21 +9097,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5766,59 +9125,71 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5826,45 +9197,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5879,21 +9239,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5907,23 +9267,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5958,8 +9322,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6012,8 +9384,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6096,8 +9476,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6149,8 +9537,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6233,8 +9629,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6287,8 +9697,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6382,8 +9806,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6430,12 +9868,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6456,7 +10062,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -6495,20 +10101,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6516,10 +10122,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6527,31 +10141,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6559,10 +10172,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6570,10 +10183,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6588,21 +10209,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6616,13 +10237,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6633,31 +10254,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6665,62 +10286,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6728,21 +10334,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6756,14 +10362,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6773,31 +10390,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6805,59 +10422,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6865,21 +10470,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6896,11 +10501,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6932,9 +10548,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6942,7 +10566,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -6957,6 +10581,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -6973,9 +10609,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7251,7 +10895,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7371,7 +11015,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7381,6 +11024,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7414,87 +11058,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index 5304eb5..7d9c720 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -7,34 +7,42 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -42,19 +50,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index 2122478..e1a9bed 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0215995764e9f654", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "0215995764e9f654", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,20 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3502,66 +4038,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3569,10 +4081,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3587,24 +4099,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "120d5875527c431e", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3618,23 +4127,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3646,118 +4155,179 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.021115000000000002 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.9" - } + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -3765,60 +4335,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3826,21 +4390,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -3854,14 +4418,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3871,31 +4446,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -3903,58 +4486,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3962,21 +4541,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -3990,14 +4569,29 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4007,17 +4601,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4028,10 +4622,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4039,28 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4071,10 +4670,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4089,21 +4696,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4117,23 +4724,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4145,63 +4756,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013905000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4209,10 +4853,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -4227,21 +4879,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "120d5875527c431e", + "name": "systemd-libs", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -4255,23 +4910,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4283,97 +4938,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4394,11 +5039,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -4436,31 +5078,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4468,57 +5118,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4533,21 +5173,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4561,13 +5201,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4578,118 +5218,2691 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.9" + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4697,41 +7910,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4746,21 +7966,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4774,13 +7994,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4791,31 +8011,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4823,46 +8051,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4870,21 +8107,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4898,14 +8135,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4915,31 +8163,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4947,41 +8203,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4996,21 +8259,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5024,23 +8287,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5052,31 +8319,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5084,41 +8359,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5133,21 +8415,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5161,23 +8443,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5189,31 +8475,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5221,53 +8521,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5282,21 +8598,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5310,13 +8626,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5327,31 +8643,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5359,46 +8683,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5406,21 +8743,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5434,53 +8771,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5488,39 +8828,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5535,21 +8888,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5563,53 +8916,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5617,39 +8984,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5664,21 +9045,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5692,17 +9073,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5714,31 +9101,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5746,46 +9141,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5793,21 +9183,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5821,19 +9211,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5843,31 +9228,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5875,51 +9268,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5927,21 +9310,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5955,48 +9338,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6004,44 +9406,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6056,21 +9448,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6084,59 +9476,71 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6144,45 +9548,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6197,21 +9590,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6225,23 +9618,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6276,8 +9673,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6330,8 +9735,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6414,8 +9827,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6467,8 +9888,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6551,8 +9980,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6605,8 +10048,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6700,8 +10157,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6748,12 +10219,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6774,7 +10413,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -6813,20 +10452,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6834,10 +10473,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6845,31 +10492,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6877,10 +10523,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6888,10 +10534,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6906,21 +10560,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6934,13 +10588,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6951,31 +10605,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -6983,62 +10637,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7046,21 +10685,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7074,14 +10713,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7091,31 +10741,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7123,59 +10773,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7183,21 +10821,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7214,11 +10852,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7250,9 +10899,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7260,7 +10917,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7275,6 +10932,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7291,9 +10960,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7569,7 +11246,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7689,7 +11366,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7699,6 +11375,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7732,87 +11409,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index 5fbdc73..cf2e4e4 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -7,36 +7,44 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -44,19 +52,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index 7ab5f60..e9722ac 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.11.1" + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index f756143..800d216 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index 05542f0..752e4b6 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -44,7 +52,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:20559", "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], @@ -80,8 +88,16 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89462, - "date": "2026-01-07" + "percentile": 0.89486, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -173,8 +189,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -232,8 +268,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -293,31 +349,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -325,57 +381,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -396,7 +439,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -446,31 +489,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -478,57 +521,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -549,7 +579,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -599,31 +629,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -631,54 +669,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -686,21 +742,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -717,13 +773,24 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -731,79 +798,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -811,21 +911,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -839,37 +939,48 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -877,37 +988,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -918,17 +1044,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -936,21 +1070,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -964,59 +1098,56 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1024,69 +1155,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1094,21 +1210,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -1122,25 +1238,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1173,8 +1278,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1236,8 +1349,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1264,8 +1385,8 @@ } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", + "id": "707ec843794b77ca", + "name": "curl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1283,16 +1404,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1308,31 +1429,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1340,44 +1469,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1398,14 +1553,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ @@ -1423,16 +1578,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { "name": "curl", @@ -1448,17 +1603,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1469,62 +1624,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1532,21 +1699,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1560,59 +1727,208 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1620,39 +1936,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1667,21 +1991,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -1695,13 +2019,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1735,8 +2059,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1788,8 +2126,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1872,8 +2224,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1933,8 +2299,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1994,31 +2374,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2026,27 +2414,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -2055,35 +2442,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2091,17 +2456,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2109,21 +2482,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2137,14 +2510,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2154,100 +2532,100 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], - "risk": 0.043320000000000004 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 7.2 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00057, - "percentile": 0.18099, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2262,24 +2640,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -2293,23 +2668,17 @@ ], "language": "", "licenses": [ - "Public Domain" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" } ], "metadataType": "RpmMetadata", @@ -2321,31 +2690,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2353,50 +2742,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" - ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" + ], + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2411,21 +2845,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2439,17 +2873,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2478,9 +2912,17 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2488,7 +2930,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.047355 }, "relatedVulnerabilities": [ { @@ -2529,16 +2971,24 @@ "epss": [ { "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2547,7 +2997,7 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, @@ -2558,8 +3008,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -2577,22 +3027,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -2602,20 +3041,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2623,10 +3062,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2634,48 +3081,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2683,21 +3147,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2711,96 +3175,151 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.033499999999999995 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.03572 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2025-6965", + "epss": 0.00047, + "percentile": 0.1435, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2808,21 +3327,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -2836,14 +3358,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2853,31 +3386,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2885,28 +3426,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2914,10 +3455,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2932,21 +3481,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2960,13 +3509,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2977,31 +3526,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3009,28 +3566,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3038,17 +3597,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3056,21 +3623,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3084,25 +3651,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3112,31 +3668,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3144,49 +3708,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3194,21 +3764,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "44b0d60647caaf34", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9_6.2", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -3222,25 +3792,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3250,31 +3809,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3282,31 +3849,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3314,17 +3878,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3332,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c1d00ecd60472d2c", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3360,25 +3932,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9_6.2" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3388,31 +3949,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3420,28 +3989,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3449,17 +4018,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3467,21 +4044,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3495,14 +4072,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3512,20 +4100,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3533,10 +4121,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3544,59 +4132,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3604,21 +4181,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3632,19 +4209,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3654,20 +4226,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3675,10 +4247,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3686,52 +4258,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3746,21 +4308,21 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", + "id": "44b0d60647caaf34", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3774,17 +4336,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9_6.2?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3796,20 +4364,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3817,66 +4385,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3884,10 +4428,10 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3902,24 +4446,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "c1d00ecd60472d2c", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9_6.2", "type": "rpm", "locations": [ { @@ -3933,23 +4474,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9_6.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "ncurses", + "version": "6.2-10.20210508.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -3961,118 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4080,53 +4542,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4141,21 +4597,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4169,13 +4625,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4186,31 +4642,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4218,58 +4682,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4277,21 +4737,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4305,14 +4765,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4322,17 +4793,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4343,10 +4814,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4354,28 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4386,10 +4862,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4404,21 +4888,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4432,23 +4916,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4460,17 +4948,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4481,10 +4969,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4492,28 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4524,10 +5017,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4542,21 +5043,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -4570,23 +5071,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -4598,82 +5103,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [ - "1:3.5.1-4.el9_7" + "0:252-55.el9_7.7" ], "state": "fixed", "available": [ { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", "kind": "first-observed" } ] }, "advisories": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.013779999999999999 + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4681,17 +5200,25 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4699,24 +5226,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" }, "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -4730,117 +5257,122 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-51.el9_6.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.013779999999999999 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4848,24 +5380,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4879,125 +5408,104 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], - "risk": 0.01344 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2026-01-07" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5018,11 +5526,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], @@ -5060,31 +5565,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5092,64 +5605,57 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5157,21 +5663,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5185,14 +5691,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5202,118 +5719,2902 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + ], + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08302, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" + } + } + ], + "artifact": { + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01072 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + ], + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010620000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-22185", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" ], "package": { - "name": "fluent-bit", - "version": "25.11.2" + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00945 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.008969999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00888 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5321,41 +8622,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.7, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 5.2 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5370,21 +8678,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5398,13 +8706,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5415,31 +8723,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5447,46 +8763,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5494,21 +8819,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5522,14 +8847,25 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5539,31 +8875,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5571,41 +8915,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5620,21 +8971,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5648,23 +8999,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5676,31 +9031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5708,41 +9071,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5757,21 +9127,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5785,23 +9155,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5813,31 +9187,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5845,53 +9233,69 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5906,21 +9310,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5934,13 +9338,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5951,31 +9355,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5983,46 +9395,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6030,21 +9455,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6058,53 +9483,56 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6112,39 +9540,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -6159,21 +9600,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -6187,53 +9628,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6241,39 +9696,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6288,21 +9757,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6316,17 +9785,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6338,31 +9813,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6370,46 +9853,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6417,21 +9895,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6445,19 +9923,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6467,31 +9940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6499,51 +9980,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6551,21 +10022,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6579,48 +10050,67 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6628,44 +10118,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6680,21 +10160,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6708,59 +10188,71 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6768,45 +10260,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6821,21 +10302,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -6849,23 +10330,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -6900,8 +10385,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6954,8 +10447,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7038,8 +10539,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7091,8 +10600,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7175,8 +10692,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7229,8 +10760,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7324,8 +10869,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7372,12 +10931,180 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2023-30571", + "epss": 0.00013, + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.006379999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7398,7 +11125,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7437,20 +11164,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7458,10 +11185,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7469,31 +11204,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006379999999999999 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7501,10 +11235,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7512,10 +11246,18 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7530,21 +11272,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7558,13 +11300,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7575,31 +11317,31 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7607,62 +11349,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7670,21 +11397,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7698,14 +11425,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7715,31 +11453,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7747,59 +11485,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7807,21 +11533,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -7838,11 +11564,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7874,9 +11611,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7884,7 +11629,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7899,6 +11644,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7915,9 +11672,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8193,7 +11958,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8313,7 +12078,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8323,6 +12087,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8356,87 +12121,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 94d0014..749438f 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -8,39 +8,47 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -48,19 +56,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index c22bf5f..542d978 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,20 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3502,66 +4038,42 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3569,17 +4081,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", - "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3587,24 +4099,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "0:252-55.el9_7.2" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e8cfdbaead821b00", - "name": "systemd", - "version": "252-55.el9_7.2", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3618,14 +4127,25 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3635,87 +4155,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12144, + "date": "2026-01-21" } ], - "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], - "risk": 0.019885 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3723,17 +4224,25 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3741,24 +4250,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4152df82a1db41b", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -3772,25 +4278,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3800,87 +4295,219 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "state": "fixed", - "available": [ + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ { - "id": "", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], - "risk": 0.019885 + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3888,10 +4515,18 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3906,24 +4541,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ead60bdbac583ffe", - "name": "systemd-pam", - "version": "252-55.el9_7.2", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -3937,23 +4569,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -3988,8 +4624,16 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4007,7 +4651,7 @@ }, "advisories": [ { - "id": "", + "id": "RHSA-2025:22660", "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], @@ -4024,6 +4668,7 @@ "https://access.redhat.com/errata/RHSA-2025:22868", "https://access.redhat.com/errata/RHSA-2025:23227", "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", "https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", @@ -4055,15 +4700,23 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12251, - "date": "2026-01-07" + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4072,7 +4725,7 @@ }, "package": { "name": "systemd", - "version": "252-55.el9_7.2" + "version": "0:252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, @@ -4086,8 +4739,8 @@ } ], "artifact": { - "id": "7126adbff2843171", - "name": "systemd-rpm-macros", + "id": "e8cfdbaead821b00", + "name": "systemd", "version": "252-55.el9_7.2", "type": "rpm", "locations": [ @@ -4105,26 +4758,11 @@ "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4134,118 +4772,2078 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "c4152df82a1db41b", + "name": "systemd-libs", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT" + ], + "cpes": [ + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "ead60bdbac583ffe", + "name": "systemd-pam", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" + ], + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12236, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "7126adbff2843171", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0147 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4253,53 +6851,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4314,21 +6906,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4342,13 +6934,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4359,20 +6951,20 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -4380,10 +6972,24 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -4391,51 +6997,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -4450,21 +7059,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -4478,13 +7087,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4495,31 +7104,140 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4527,31 +7245,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4559,17 +7274,31 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4577,21 +7306,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4605,25 +7334,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4633,31 +7351,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4665,49 +7391,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4715,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4743,25 +7488,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4771,31 +7505,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4803,64 +7545,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4868,21 +7600,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4896,14 +7628,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4913,118 +7650,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5032,48 +7835,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5081,21 +7890,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5112,11 +7921,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5126,31 +7940,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5158,46 +7980,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5205,21 +8035,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5233,14 +8063,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5250,31 +8085,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5282,41 +8125,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5331,21 +8180,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5359,23 +8208,17 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -5387,31 +8230,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5419,48 +8270,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5468,21 +8325,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5496,25 +8353,20 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5524,31 +8376,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5556,60 +8416,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5617,21 +8471,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5645,14 +8499,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5662,31 +8531,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5698,42 +8575,51 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5741,21 +8627,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5769,19 +8655,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5791,31 +8672,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5827,35 +8716,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5870,21 +8768,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5898,17 +8796,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5920,31 +8824,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5956,35 +8868,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5999,21 +8920,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6027,17 +8948,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6049,31 +8980,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6081,46 +9026,76 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6128,21 +9103,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6156,19 +9131,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6178,31 +9148,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6210,46 +9188,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6257,21 +9248,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -6285,53 +9276,56 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6339,46 +9333,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6386,82 +9393,95 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], - "language": "", - "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" - ], - "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6469,39 +9489,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -6516,21 +9550,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -6544,27 +9578,23 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -6576,31 +9606,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6608,44 +9646,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6660,21 +9688,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6688,48 +9716,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6737,44 +9773,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6789,21 +9815,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6817,59 +9843,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6877,45 +9911,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6930,21 +9953,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6958,23 +9981,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -7009,8 +10036,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -7063,8 +10098,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -7147,8 +10190,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7200,8 +10251,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7284,8 +10343,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7338,8 +10411,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7433,8 +10520,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7485,8 +10586,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -7569,8 +10684,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7623,8 +10746,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7670,10 +10801,163 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005225000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7684,31 +10968,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7716,44 +11008,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7761,10 +11049,18 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7779,21 +11075,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7807,13 +11103,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7824,31 +11120,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7856,59 +11152,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7916,21 +11200,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7947,11 +11231,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7961,31 +11256,31 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7993,58 +11288,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004129999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8052,21 +11336,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -8083,11 +11367,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8119,9 +11414,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -8129,7 +11432,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -8144,6 +11447,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -8160,9 +11475,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -8439,7 +11762,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -8559,7 +11882,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -8569,6 +11891,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -8602,87 +11925,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index bf8fa75..5998f24 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -7,19 +7,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | systemd | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-pam | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -29,19 +32,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -49,20 +56,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index 6ad88ff..7597d66 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,23 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3505,94 +4038,2091 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.024225 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3600,53 +6130,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3661,21 +6185,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3689,13 +6213,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3706,20 +6230,20 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -3727,10 +6251,24 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -3738,51 +6276,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -3797,21 +6338,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3825,13 +6366,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6383,140 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3874,31 +6524,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3906,17 +6553,31 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3924,21 +6585,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3952,25 +6613,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3980,31 +6630,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4012,49 +6670,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4062,21 +6739,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4090,25 +6767,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4118,31 +6784,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +6824,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +6879,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +6907,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +6929,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4379,48 +7114,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4428,21 +7169,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4459,11 +7200,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4473,31 +7219,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4505,46 +7259,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7314,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4580,14 +7342,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7364,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4629,41 +7404,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4678,21 +7459,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4706,23 +7487,17 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7509,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4766,48 +7549,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4815,21 +7604,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4843,25 +7632,20 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4871,31 +7655,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4903,60 +7695,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4964,21 +7750,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4992,14 +7778,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5009,31 +7810,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5045,42 +7854,51 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +7906,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5116,19 +7934,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5138,31 +7951,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5174,35 +7995,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5217,21 +8047,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5245,17 +8075,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5267,31 +8103,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5303,35 +8147,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5346,21 +8199,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5374,17 +8227,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8259,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8305,76 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8382,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5503,19 +8410,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8427,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5557,46 +8467,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5604,21 +8527,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5632,53 +8555,56 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5686,46 +8612,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5733,82 +8672,95 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], - "language": "", - "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" - ], - "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5816,39 +8768,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5863,21 +8829,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5891,27 +8857,23 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5923,31 +8885,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5955,44 +8925,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6007,21 +8967,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6035,48 +8995,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6084,44 +9052,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6136,21 +9094,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6164,59 +9122,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6224,45 +9190,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6277,21 +9232,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6305,23 +9260,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6356,8 +9315,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6410,8 +9377,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6494,8 +9469,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6547,8 +9530,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6631,8 +9622,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6685,8 +9690,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6780,8 +9799,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6832,8 +9865,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6916,8 +9963,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6970,8 +10025,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7017,10 +10080,163 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005225000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7031,31 +10247,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7063,44 +10287,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7108,10 +10328,18 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7126,21 +10354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7154,13 +10382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7171,31 +10399,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7203,59 +10431,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7263,21 +10479,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7294,11 +10510,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7308,31 +10535,31 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7340,58 +10567,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004129999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7399,21 +10615,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7430,11 +10646,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7466,9 +10693,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7476,7 +10711,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7491,6 +10726,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7507,9 +10754,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7786,7 +11041,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7906,7 +11161,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7916,6 +11170,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7949,87 +11204,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 253de52..2e0cbe9 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -7,15 +7,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -25,19 +28,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -45,20 +52,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index 25e167f..d070592 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,23 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3505,94 +4038,2091 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.024225 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3600,53 +6130,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3661,21 +6185,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3689,13 +6213,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3706,20 +6230,20 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -3727,10 +6251,24 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -3738,51 +6276,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -3797,21 +6338,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3825,13 +6366,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6383,140 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3874,31 +6524,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3906,17 +6553,31 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3924,21 +6585,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3952,25 +6613,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3980,31 +6630,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4012,49 +6670,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4062,21 +6739,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4090,25 +6767,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4118,31 +6784,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +6824,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +6879,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +6907,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +6929,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4379,48 +7114,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4428,21 +7169,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4459,11 +7200,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4473,31 +7219,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4505,46 +7259,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7314,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4580,14 +7342,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7364,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4629,41 +7404,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4678,21 +7459,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4706,23 +7487,17 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7509,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4766,48 +7549,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4815,21 +7604,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4843,25 +7632,20 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4871,31 +7655,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4903,60 +7695,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4964,21 +7750,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4992,14 +7778,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5009,31 +7810,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5045,42 +7854,51 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +7906,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5116,19 +7934,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5138,31 +7951,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5174,35 +7995,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5217,21 +8047,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5245,17 +8075,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5267,31 +8103,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5303,35 +8147,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5346,21 +8199,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5374,17 +8227,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8259,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8305,76 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8382,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5503,19 +8410,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8427,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5557,46 +8467,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5604,21 +8527,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5632,53 +8555,56 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5686,46 +8612,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5733,82 +8672,95 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], - "language": "", - "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" - ], - "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5816,39 +8768,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5863,21 +8829,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5891,27 +8857,23 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5923,31 +8885,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5955,44 +8925,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6007,21 +8967,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6035,48 +8995,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6084,44 +9052,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6136,21 +9094,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6164,59 +9122,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6224,45 +9190,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6277,21 +9232,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6305,23 +9260,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6356,8 +9315,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6410,8 +9377,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6494,8 +9469,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6547,8 +9530,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6631,8 +9622,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6685,8 +9690,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6780,8 +9799,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6832,8 +9865,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6916,8 +9963,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6970,8 +10025,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7017,10 +10080,163 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005225000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7031,31 +10247,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7063,44 +10287,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7108,10 +10328,18 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7126,21 +10354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7154,13 +10382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7171,31 +10399,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7203,59 +10431,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7263,21 +10479,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7294,11 +10510,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7308,31 +10535,31 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7340,58 +10567,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004129999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7399,21 +10615,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7430,11 +10646,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7466,9 +10693,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7476,7 +10711,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7491,6 +10726,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7507,9 +10754,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7786,7 +11041,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7906,7 +11161,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7916,6 +11170,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7949,87 +11204,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index 8579f8b..9283e3d 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -7,15 +7,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -25,19 +28,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -45,20 +52,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index d4dc292..23f5ff1 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,23 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3505,94 +4038,2091 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.024225 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.4" - } + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3600,53 +6130,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3661,21 +6185,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3689,13 +6213,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3706,20 +6230,20 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -3727,10 +6251,24 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -3738,51 +6276,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -3797,21 +6338,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3825,13 +6366,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6383,140 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3874,31 +6524,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3906,17 +6553,31 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3924,21 +6585,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3952,25 +6613,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3980,31 +6630,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4012,49 +6670,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4062,21 +6739,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4090,25 +6767,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4118,31 +6784,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +6824,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +6879,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +6907,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +6929,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.12.4" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4379,48 +7114,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4428,21 +7169,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4459,11 +7200,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4473,31 +7219,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4505,46 +7259,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7314,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4580,14 +7342,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7364,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4629,41 +7404,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4678,21 +7459,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4706,23 +7487,17 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7509,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4766,48 +7549,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4815,21 +7604,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4843,25 +7632,20 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4871,31 +7655,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4903,60 +7695,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4964,21 +7750,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4992,14 +7778,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5009,31 +7810,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5045,42 +7854,51 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +7906,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5116,19 +7934,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5138,31 +7951,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5174,35 +7995,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5217,21 +8047,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5245,17 +8075,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5267,31 +8103,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5303,35 +8147,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5346,21 +8199,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5374,17 +8227,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8259,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8305,76 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8382,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5503,19 +8410,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8427,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5557,46 +8467,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5604,21 +8527,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5632,53 +8555,56 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5686,46 +8612,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5733,82 +8672,95 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], - "language": "", - "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" - ], - "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5816,39 +8768,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5863,21 +8829,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5891,27 +8857,23 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5923,31 +8885,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5955,44 +8925,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6007,21 +8967,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6035,48 +8995,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6084,44 +9052,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6136,21 +9094,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6164,59 +9122,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6224,45 +9190,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6277,21 +9232,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6305,23 +9260,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6356,8 +9315,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6410,8 +9377,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6494,8 +9469,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6547,8 +9530,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6631,8 +9622,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6685,8 +9690,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6780,8 +9799,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6832,8 +9865,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6916,8 +9963,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6970,8 +10025,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7017,10 +10080,163 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005225000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7031,31 +10247,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7063,44 +10287,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7108,10 +10328,18 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7126,21 +10354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7154,13 +10382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7171,31 +10399,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7203,59 +10431,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7263,21 +10479,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7294,11 +10510,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7308,31 +10535,31 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7340,58 +10567,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004129999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7399,21 +10615,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7430,11 +10646,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7466,9 +10693,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7476,7 +10711,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7491,6 +10726,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7507,9 +10754,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7786,7 +11041,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7906,7 +11161,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7916,6 +11170,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7949,87 +11204,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index 02c769d..19bbfd4 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md @@ -7,15 +7,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -25,19 +28,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -45,20 +52,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-26.1.1.json b/docs/security/agent/grype-26.1.1.json index a75e504..a2a438f 100644 --- a/docs/security/agent/grype-26.1.1.json +++ b/docs/security/agent/grype-26.1.1.json @@ -25,8 +25,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -84,8 +104,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -145,31 +185,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -177,57 +217,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -248,7 +275,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -298,31 +325,31 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ], "fix": { @@ -330,57 +357,44 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4249600000000001 + "risk": 0.4601300000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.01024, - "percentile": 0.76767, - "date": "2026-01-07" + "cve": "CVE-2024-11053", + "epss": 0.01034, + "percentile": 0.76901, + "date": "2026-01-21" } ] } @@ -401,7 +415,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-11053", "versionConstraint": "none (unknown)" } } @@ -451,31 +465,39 @@ }, { "vulnerability": { - "id": "CVE-2024-34459", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -483,54 +505,72 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.35997500000000004 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-34459", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", - "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-34459", - "epss": 0.00847, - "percentile": 0.74334, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -538,21 +578,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-34459", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -569,93 +609,137 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -663,21 +747,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -691,37 +775,48 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -729,37 +824,52 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.2621050000000001 + "risk": 0.35997500000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-34459", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", + "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -770,17 +880,25 @@ ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00589, - "percentile": 0.68521, - "date": "2026-01-07" + "cve": "CVE-2024-34459", + "epss": 0.00847, + "percentile": 0.74344, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-34459", + "cwe": "CWE-122", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -788,21 +906,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-34459", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -816,59 +934,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-9681", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -876,69 +991,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20009999999999997 + "risk": 0.22366 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-9681", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "id": "CVE-2025-14087", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-9681.html", - "https://curl.se/docs/CVE-2024-9681.json", - "https://hackerone.com/reports/2764830", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "http://www.openwall.com/lists/oss-security/2024/11/06/2", - "https://security.netapp.com/advisory/ntap-20241213-0006/" + "https://access.redhat.com/security/cve/CVE-2025-14087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" ], - "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-9681", - "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "cve": "CVE-2025-14087", + "epss": 0.00422, + "percentile": 0.61536, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14087", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -946,21 +1046,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-9681", + "vulnerabilityID": "CVE-2025-14087", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -974,25 +1074,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -1025,8 +1114,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1088,8 +1185,16 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68241, - "date": "2026-01-07" + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1116,8 +1221,8 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1135,16 +1240,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1160,31 +1265,39 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1192,44 +1305,70 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.20009999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-9681", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://hackerone.com/reports/2764830", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://security.netapp.com/advisory/ntap-20241213-0006/" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-9681", + "epss": 0.0058, + "percentile": 0.68294, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-9681", + "cwe": "CWE-697", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1250,14 +1389,14 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-9681", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", "version": "7.76.1-34.el9", "type": "rpm", "locations": [ @@ -1275,16 +1414,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -1300,17 +1439,17 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1321,62 +1460,74 @@ ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.14996500000000004 + "risk": 0.19313000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.00337, - "percentile": 0.56021, - "date": "2026-01-07" + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1384,21 +1535,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-11053", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -1412,59 +1563,208 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.19313000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + ], + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-41996", + "epss": 0.00434, + "percentile": 0.62298, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2024-41996", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14087", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -1472,39 +1772,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.13727 + "risk": 0.097555 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14087", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14087", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14087", - "epss": 0.00259, - "percentile": 0.49025, - "date": "2026-01-07" + "cve": "CVE-2026-0990", + "epss": 0.00179, + "percentile": 0.39689, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -1519,21 +1827,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14087", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -1547,13 +1855,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -1587,8 +1895,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1640,8 +1962,22 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39799, - "date": "2026-01-07" + "percentile": 0.39656, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-32636", + "cwe": "CWE-502", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1724,8 +2060,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1785,8 +2135,22 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44213, - "date": "2026-01-07" + "percentile": 0.44097, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1846,31 +2210,39 @@ }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1878,27 +2250,26 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -1907,35 +2278,13 @@ "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1943,17 +2292,25 @@ ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.42056, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1961,21 +2318,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "06e2c48d975ea1da", + "name": "libgcc", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -1989,14 +2346,19 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2006,20 +2368,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2027,10 +2389,18 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2038,57 +2408,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.065875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2096,21 +2476,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -2124,48 +2504,73 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2173,57 +2578,102 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.038500000000000006 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.001, - "percentile": 0.28512, - "date": "2026-01-07" + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41926, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2231,21 +2681,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2259,48 +2709,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2308,10 +2747,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2319,41 +2766,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23202, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2368,21 +2832,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2396,48 +2860,56 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -2445,47 +2917,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.047355 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28393, - "date": "2026-01-07" + "cve": "CVE-2024-13176", + "epss": 0.00123, + "percentile": 0.32075, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2493,21 +2983,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2521,48 +3011,67 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2570,28 +3079,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2599,10 +3108,18 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.18916, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -2617,21 +3134,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2645,13 +3162,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2662,31 +3179,39 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2694,28 +3219,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2723,17 +3250,25 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19245, - "date": "2026-01-07" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.2304, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2741,21 +3276,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2769,25 +3304,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2797,31 +3321,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2829,49 +3361,55 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28232, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2879,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2907,25 +3445,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -2935,31 +3462,39 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2967,31 +3502,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2999,17 +3531,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15995, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3017,21 +3557,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", - "version": "6.2-12.20210508.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3045,25 +3585,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-12.20210508.el9" - } + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3073,31 +3602,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3105,28 +3642,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3134,17 +3671,25 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10689, - "date": "2026-01-07" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23777, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3152,21 +3697,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3180,14 +3725,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3197,20 +3753,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3218,10 +3774,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -3229,59 +3785,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024475000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3289,21 +3834,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "06e2c48d975ea1da", - "name": "libgcc", - "version": "11.5.0-11.el9", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -3317,19 +3862,14 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3339,20 +3879,20 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3360,10 +3900,10 @@ ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { @@ -3371,52 +3911,42 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02125 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ] } @@ -3431,21 +3961,21 @@ "version": "9.7" }, "package": { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3459,17 +3989,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-11.el9" + "name": "ncurses", + "version": "6.2-12.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -3481,23 +4017,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3505,94 +4038,2091 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.024225 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + ], + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15947, + "date": "2026-01-21" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "26.1.1" - } + "name": "ncurses", + "version": "6.2-12.20210508.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "0:2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20968, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019764999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + ], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18495, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10902, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014399999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08036, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08427, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.68.4-18.el9_7.1" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" + } + ], + "risk": 0.013335000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + ], + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00021, + "percentile": 0.04523, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.68.4-18.el9_7.1" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "No description is available for this CVE.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11433, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02824, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -3600,53 +6130,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.0802, - "date": "2026-01-07" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08923, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -3661,21 +6185,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3689,13 +6213,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3706,20 +6230,20 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -3727,10 +6251,24 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -3738,51 +6276,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08495, - "date": "2026-01-07" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } @@ -3797,21 +6338,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -3825,13 +6366,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3842,31 +6383,140 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3874,31 +6524,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3906,17 +6553,31 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03455, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3924,21 +6585,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3952,25 +6613,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3980,31 +6630,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -4012,49 +6670,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013905000000000002 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06607, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4062,21 +6739,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4090,25 +6767,14 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4118,31 +6784,39 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4150,64 +6824,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012240000000000003 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02905, - "date": "2026-01-07" + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4215,21 +6879,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "31d143a38566e735", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4243,14 +6907,19 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4260,118 +6929,184 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.00888 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "26.1.1" - } + "name": "util-linux", + "version": "2.37.4-21.el9" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", + "id": "1bd147c6291221f2", + "name": "libfdisk", + "version": "2.37.4-21.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4379,48 +7114,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010795 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00017, - "percentile": 0.03099, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4428,21 +7169,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4459,11 +7200,16 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4473,31 +7219,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4505,46 +7259,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04626, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4552,21 +7314,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4580,14 +7342,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4597,31 +7364,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4629,41 +7404,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4678,21 +7459,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4706,23 +7487,17 @@ ], "language": "", "licenses": [ - "MIT" + "BSD" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -4734,31 +7509,39 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4766,48 +7549,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4815,21 +7604,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4843,25 +7632,20 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4871,31 +7655,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -4903,60 +7695,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + ], + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "cvss": [ { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-14104", + "epss": 0.00016, + "percentile": 0.02675, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4964,21 +7750,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -4992,14 +7778,29 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5009,31 +7810,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5045,42 +7854,51 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5088,21 +7906,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5116,19 +7934,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5138,31 +7951,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5174,35 +7995,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5217,21 +8047,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5245,17 +8075,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5267,31 +8103,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5303,35 +8147,44 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5346,21 +8199,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5374,17 +8227,27 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5396,31 +8259,45 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5428,46 +8305,76 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04009, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5475,21 +8382,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5503,19 +8410,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5525,31 +8427,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5557,46 +8467,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5604,21 +8527,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -5632,53 +8555,56 @@ ], "language": "", "licenses": [ - "BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5686,46 +8612,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5733,82 +8672,95 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "0:2.37.4-21.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", - "version": "2.37.4-21.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], - "language": "", - "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" - ], - "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5816,39 +8768,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, + "baseScore": 4.4, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02725, - "date": "2026-01-07" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.03744, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5863,21 +8829,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", - "version": "2.37.4-21.el9", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -5891,27 +8857,23 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -5923,31 +8885,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5955,44 +8925,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6007,21 +8967,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6035,48 +8995,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6084,44 +9052,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6136,21 +9094,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6164,59 +9122,67 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", + "cve": "CVE-2025-15281", "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -6224,45 +9190,34 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.008010000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Unknown", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", - "cvss": [ + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03887, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -6277,21 +9232,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6305,23 +9260,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -6356,8 +9315,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6410,8 +9377,16 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04912, - "date": "2026-01-07" + "percentile": 0.04788, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6494,8 +9469,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6547,8 +9530,16 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06088, - "date": "2026-01-07" + "percentile": 0.06112, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -6631,8 +9622,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6685,8 +9690,22 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03732, - "date": "2026-01-07" + "percentile": 0.03599, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6780,8 +9799,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6832,8 +9865,22 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01591, - "date": "2026-01-07" + "percentile": 0.01609, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6916,8 +9963,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6970,8 +10025,16 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05186, - "date": "2026-01-07" + "percentile": 0.05096, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -7017,10 +10080,163 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005225000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + ], + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6170", + "epss": 0.00019, + "percentile": 0.03858, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7031,31 +10247,39 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7063,44 +10287,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7108,10 +10328,18 @@ ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00013, - "percentile": 0.01622, - "date": "2026-01-07" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02049, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7126,21 +10354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7154,13 +10382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7171,31 +10399,31 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7203,59 +10431,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.5, + "baseScore": 6.3, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03374, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7263,21 +10479,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7294,11 +10510,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7308,31 +10535,31 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ], "fix": { @@ -7340,58 +10567,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004129999999999999 + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00014, - "percentile": 0.02035, - "date": "2026-01-07" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7399,21 +10615,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -7430,11 +10646,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7466,9 +10693,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7476,7 +10711,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0032700000000000003 + "risk": 0.002725 }, "relatedVulnerabilities": [ { @@ -7491,6 +10726,18 @@ ], "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -7507,9 +10754,17 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00006, - "percentile": 0.00303, - "date": "2026-01-07" + "epss": 0.00005, + "percentile": 0.00218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", + "type": "Secondary" } ] } @@ -7786,7 +11041,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7906,7 +11161,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7916,6 +11170,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7949,87 +11204,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/agent/grype-26.1.1.md b/docs/security/agent/grype-26.1.1.md index c755795..3267fd4 100644 --- a/docs/security/agent/grype-26.1.1.md +++ b/docs/security/agent/grype-26.1.1.md @@ -7,15 +7,18 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libfdisk | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | @@ -25,19 +28,23 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | +| curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | +| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | -| curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | -| libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | +| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | @@ -45,20 +52,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | -| libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | -| libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-latest.md b/docs/security/agent/grype-latest.md index 26ebdea..3fb237c 100644 --- a/docs/security/agent/grype-latest.md +++ b/docs/security/agent/grype-latest.md @@ -1,6 +1,6 @@ ## Known agent vulnerabilities -High and critical vulnerabilities not triaged for the latest version (ghcr.io/fluentdo/agent:26.1.1) of the agent are shown below, as reported by Grype. +High and critical vulnerabilities not triaged for the latest version (ghcr.io/telemetryforge/agent:26.1.2) of the agent are shown below, as reported by Grype. | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | diff --git a/docs/security/cves.md b/docs/security/cves.md index f585ff2..ddf5ec3 100644 --- a/docs/security/cves.md +++ b/docs/security/cves.md @@ -174,96 +174,6 @@ Full unfiltered reports are shown below, covering all severities and without any - [CycloneDX JSON SBOM](agent/cyclonedx-25.12.4.cdx.json) - [SPDX JSON SBOM](agent/spdx-25.12.4.spdx.json) -### Agent Version: 25.7.1 - -- [Grype Markdown Report](agent/grype-25.7.1.md) -- [Grype JSON Report](agent/grype-25.7.1.json) - -- [Syft JSON SBOM](agent/syft-25.7.1.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.7.1.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.7.1.spdx.json) - -### Agent Version: 25.7.2 - -- [Grype Markdown Report](agent/grype-25.7.2.md) -- [Grype JSON Report](agent/grype-25.7.2.json) - -- [Syft JSON SBOM](agent/syft-25.7.2.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.7.2.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.7.2.spdx.json) - -### Agent Version: 25.7.4 - -- [Grype Markdown Report](agent/grype-25.7.4.md) -- [Grype JSON Report](agent/grype-25.7.4.json) - -- [Syft JSON SBOM](agent/syft-25.7.4.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.7.4.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.7.4.spdx.json) - -### Agent Version: 25.8.2 - -- [Grype Markdown Report](agent/grype-25.8.2.md) -- [Grype JSON Report](agent/grype-25.8.2.json) - -- [Syft JSON SBOM](agent/syft-25.8.2.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.8.2.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.8.2.spdx.json) - -### Agent Version: 25.8.4 - -- [Grype Markdown Report](agent/grype-25.8.4.md) -- [Grype JSON Report](agent/grype-25.8.4.json) - -- [Syft JSON SBOM](agent/syft-25.8.4.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.8.4.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.8.4.spdx.json) - -### Agent Version: 25.9.1 - -- [Grype Markdown Report](agent/grype-25.9.1.md) -- [Grype JSON Report](agent/grype-25.9.1.json) - -- [Syft JSON SBOM](agent/syft-25.9.1.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.9.1.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.9.1.spdx.json) - -### Agent Version: 25.9.2 - -- [Grype Markdown Report](agent/grype-25.9.2.md) -- [Grype JSON Report](agent/grype-25.9.2.json) - -- [Syft JSON SBOM](agent/syft-25.9.2.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.9.2.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.9.2.spdx.json) - -### Agent Version: 25.9.3 - -- [Grype Markdown Report](agent/grype-25.9.3.md) -- [Grype JSON Report](agent/grype-25.9.3.json) - -- [Syft JSON SBOM](agent/syft-25.9.3.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.9.3.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.9.3.spdx.json) - -### Agent Version: 25.9.4 - -- [Grype Markdown Report](agent/grype-25.9.4.md) -- [Grype JSON Report](agent/grype-25.9.4.json) - -- [Syft JSON SBOM](agent/syft-25.9.4.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.9.4.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.9.4.spdx.json) - -### Agent Version: 25.9.5 - -- [Grype Markdown Report](agent/grype-25.9.5.md) -- [Grype JSON Report](agent/grype-25.9.5.json) - -- [Syft JSON SBOM](agent/syft-25.9.5.json) -- [CycloneDX JSON SBOM](agent/cyclonedx-25.9.5.cdx.json) -- [SPDX JSON SBOM](agent/spdx-25.9.5.spdx.json) - ### Agent Version: 26.1.1 - [Grype Markdown Report](agent/grype-26.1.1.md) @@ -273,42 +183,6 @@ Full unfiltered reports are shown below, covering all severities and without any - [CycloneDX JSON SBOM](agent/cyclonedx-26.1.1.cdx.json) - [SPDX JSON SBOM](agent/spdx-26.1.1.spdx.json) -### Oss Version: 4.0.10 - -- [Grype Markdown Report](oss/grype-4.0.10.md) -- [Grype JSON Report](oss/grype-4.0.10.json) - -- [Syft JSON SBOM](oss/syft-4.0.10.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.10.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.10.spdx.json) - -### Oss Version: 4.0.11 - -- [Grype Markdown Report](oss/grype-4.0.11.md) -- [Grype JSON Report](oss/grype-4.0.11.json) - -- [Syft JSON SBOM](oss/syft-4.0.11.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.11.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.11.spdx.json) - -### Oss Version: 4.0.12 - -- [Grype Markdown Report](oss/grype-4.0.12.md) -- [Grype JSON Report](oss/grype-4.0.12.json) - -- [Syft JSON SBOM](oss/syft-4.0.12.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.12.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.12.spdx.json) - -### Oss Version: 4.0.13 - -- [Grype Markdown Report](oss/grype-4.0.13.md) -- [Grype JSON Report](oss/grype-4.0.13.json) - -- [Syft JSON SBOM](oss/syft-4.0.13.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.13.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.13.spdx.json) - ### Oss Version: 4.0.14 - [Grype Markdown Report](oss/grype-4.0.14.md) @@ -318,69 +192,6 @@ Full unfiltered reports are shown below, covering all severities and without any - [CycloneDX JSON SBOM](oss/cyclonedx-4.0.14.cdx.json) - [SPDX JSON SBOM](oss/spdx-4.0.14.spdx.json) -### Oss Version: 4.0.3 - -- [Grype Markdown Report](oss/grype-4.0.3.md) -- [Grype JSON Report](oss/grype-4.0.3.json) - -- [Syft JSON SBOM](oss/syft-4.0.3.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.3.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.3.spdx.json) - -### Oss Version: 4.0.4 - -- [Grype Markdown Report](oss/grype-4.0.4.md) -- [Grype JSON Report](oss/grype-4.0.4.json) - -- [Syft JSON SBOM](oss/syft-4.0.4.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.4.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.4.spdx.json) - -### Oss Version: 4.0.5 - -- [Grype Markdown Report](oss/grype-4.0.5.md) -- [Grype JSON Report](oss/grype-4.0.5.json) - -- [Syft JSON SBOM](oss/syft-4.0.5.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.5.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.5.spdx.json) - -### Oss Version: 4.0.6 - -- [Grype Markdown Report](oss/grype-4.0.6.md) -- [Grype JSON Report](oss/grype-4.0.6.json) - -- [Syft JSON SBOM](oss/syft-4.0.6.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.6.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.6.spdx.json) - -### Oss Version: 4.0.7 - -- [Grype Markdown Report](oss/grype-4.0.7.md) -- [Grype JSON Report](oss/grype-4.0.7.json) - -- [Syft JSON SBOM](oss/syft-4.0.7.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.7.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.7.spdx.json) - -### Oss Version: 4.0.8 - -- [Grype Markdown Report](oss/grype-4.0.8.md) -- [Grype JSON Report](oss/grype-4.0.8.json) - -- [Syft JSON SBOM](oss/syft-4.0.8.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.8.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.8.spdx.json) - -### Oss Version: 4.0.9 - -- [Grype Markdown Report](oss/grype-4.0.9.md) -- [Grype JSON Report](oss/grype-4.0.9.json) - -- [Syft JSON SBOM](oss/syft-4.0.9.json) -- [CycloneDX JSON SBOM](oss/cyclonedx-4.0.9.cdx.json) -- [SPDX JSON SBOM](oss/spdx-4.0.9.spdx.json) - ### Oss Version: 4.1.0 - [Grype Markdown Report](oss/grype-4.1.0.md) diff --git a/docs/security/oss/grype-4.0.14.json b/docs/security/oss/grype-4.0.14.json index b33e960..ab2f533 100644 --- a/docs/security/oss/grype-4.0.14.json +++ b/docs/security/oss/grype-4.0.14.json @@ -26,8 +26,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -85,8 +105,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -162,8 +202,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -289,8 +337,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -357,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -411,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -475,148 +531,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.08345000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-17740", @@ -630,8 +544,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -685,8 +607,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -751,19 +681,27 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -771,19 +709,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", @@ -812,10 +753,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -836,7 +785,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } @@ -890,19 +839,27 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -910,45 +867,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0369 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -963,27 +934,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -992,88 +963,108 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03605 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1088,27 +1079,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1117,31 +1108,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1149,32 +1148,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1182,10 +1189,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1200,131 +1215,133 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.031065 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1339,27 +1356,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1368,31 +1385,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1400,31 +1425,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1443,17 +1469,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1461,108 +1495,136 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.048924999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ] } @@ -1577,27 +1639,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1606,40 +1668,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1647,51 +1708,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.0452 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1706,27 +1769,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1735,31 +1798,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1767,25 +1838,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1797,7 +1868,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1808,10 +1879,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1826,124 +1905,141 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1951,27 +2047,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } @@ -1980,33 +2076,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2014,42 +2111,55 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.020249999999999997 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2057,10 +2167,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2075,27 +2193,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2104,31 +2225,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2136,33 +2265,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -2181,17 +2308,25 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,79 +2334,64 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2279,32 +2399,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2312,33 +2433,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2359,7 +2476,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -2413,23 +2530,21 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2437,65 +2552,136 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0147 + "risk": 0.03075 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.0.14" - } + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c905f0929b4d792a", - "name": "fluent-bit", - "version": "4.0.14", - "type": "binary", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -2523,17 +2709,34 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.02013 }, "relatedVulnerabilities": [ { @@ -2562,9 +2765,17 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2586,7 +2797,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -2620,19 +2834,27 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2640,43 +2862,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2684,10 +2895,18 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2708,7 +2927,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -2762,52 +2981,70 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2815,17 +3052,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2833,27 +3078,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2862,42 +3107,208 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2905,7 +3316,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2923,7 +3334,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29477", + "vulnerabilityID": "CVE-2025-29478", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -2938,9 +3349,425 @@ "type": "binary", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.14", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.010815000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2949,10 +3776,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -2968,8 +3799,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3025,8 +3864,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3089,6 +3936,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.14" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c905f0929b4d792a", + "name": "fluent-bit", + "version": "4.0.14", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.14", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2024-26458", @@ -3102,8 +4044,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3142,8 +4092,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3219,8 +4177,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3259,8 +4225,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3327,8 +4301,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3367,8 +4349,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3440,8 +4430,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3480,8 +4478,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3548,8 +4554,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3597,8 +4611,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3654,73 +4676,62 @@ }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Unknown", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00725 + "risk": 0.009000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Unknown", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3741,7 +4752,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3795,19 +4806,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3815,52 +4834,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3875,60 +4902,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3936,59 +5003,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3996,27 +5071,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } @@ -4025,27 +5100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4053,28 +5140,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4083,10 +5171,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -4094,10 +5182,18 @@ ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4112,69 +5208,96 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "cpes": [ + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "openldap" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4182,41 +5305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4231,60 +5373,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4292,48 +5465,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4341,56 +5533,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4398,41 +5625,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "severity": "Critical", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4447,60 +5694,93 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "systemd" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4508,21 +5788,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -4535,21 +5814,47 @@ "impactScore": 1.5 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4563,21 +5868,21 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4586,27 +5891,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "upstreams": [ + { + "name": "systemd" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4614,46 +5937,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4661,69 +6011,64 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4731,39 +6076,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4778,27 +6143,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4807,31 +6172,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4839,39 +6221,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4886,27 +6278,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4915,36 +6307,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4952,46 +6347,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4999,27 +6404,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5028,31 +6433,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5060,52 +6469,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5126,7 +6532,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5161,19 +6567,27 @@ }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5181,52 +6595,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5247,7 +6658,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5278,19 +6689,27 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5298,52 +6717,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5358,92 +6772,77 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5451,52 +6850,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "severity": "High", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5511,27 +6905,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5540,31 +6934,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5572,52 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5632,88 +7029,73 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5721,52 +7103,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5781,83 +7158,68 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5865,52 +7227,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5925,64 +7284,41 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gcc-12" + "name": "curl" } ] } @@ -5999,9 +7335,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6009,7 +7353,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0017500000000000003 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { @@ -6039,9 +7383,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6118,19 +7470,33 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6138,41 +7504,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6187,27 +7578,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6216,44 +7607,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6261,27 +7727,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -6290,14 +7756,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -6307,22 +7769,74 @@ "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { "id": "CVE-2025-15079", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6376,27 +7890,90 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6409,27 +7986,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -6438,39 +8015,84 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6489,7 +8111,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -6524,27 +8146,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6563,7 +8220,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -6819,7 +8476,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -6939,7 +8596,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -6949,6 +8605,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -6982,87 +8639,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.0.14.md b/docs/security/oss/grype-4.0.14.md index 1afa491..eaf17d9 100644 --- a/docs/security/oss/grype-4.0.14.md +++ b/docs/security/oss/grype-4.0.14.md @@ -6,27 +6,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -34,6 +38,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | @@ -46,18 +55,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index 3e9c1f3..c7f206d 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -85,8 +105,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -162,8 +202,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -289,8 +337,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -357,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -411,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -504,8 +560,16 @@ { "cve": "CVE-2025-12970", "epss": 0.00134, - "percentile": 0.33843, - "date": "2026-01-07" + "percentile": 0.33651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12970", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -563,6 +627,154 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.08215 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openldap", + "version": "2.5.13+dfsg-5" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-20796", @@ -575,9 +787,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -585,7 +805,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08345000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { @@ -630,9 +850,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -707,19 +935,27 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -727,28 +963,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -760,7 +993,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -771,10 +1004,18 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -789,27 +1030,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -818,99 +1059,143 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12977", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", - "cvss": [ + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "metrics": { - "baseScore": 9.1, - "exploitabilityScore": 3.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12977", - "epss": 0.00078, - "percentile": 0.23725, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.07059 + "risk": 0.07425000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12977", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -919,85 +1204,275 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12978", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/announcements/v4.1.0/" + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", - "cvss": [ + "cwes": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} }, - "vendorMetadata": {} + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12978", - "epss": 0.00131, - "percentile": 0.33475, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.06812 + "risk": 0.07425000000000001 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12978", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1006,43 +1481,55 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-12969", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", + "id": "CVE-2025-12977", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" ], - "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, + "baseScore": 9.1, "exploitabilityScore": 3.9, - "impactScore": 2.6 + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12969", - "epss": 0.00106, - "percentile": 0.29395, - "date": "2026-01-07" + "cve": "CVE-2025-12977", + "epss": 0.00078, + "percentile": 0.23555, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12977", + "cwe": "CWE-1287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -1050,7 +1537,7 @@ "state": "" }, "advisories": [], - "risk": 0.06094999999999999 + "risk": 0.07059 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1068,7 +1555,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12969", + "vulnerabilityID": "CVE-2025-12977", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -1102,35 +1589,34 @@ }, { "vulnerability": { - "id": "CVE-2025-12972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "id": "CVE-2025-12978", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12978", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + "https://fluentbit.io/announcements/v4.1.0/" ], - "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12972", - "epss": 0.00093, - "percentile": 0.26714, - "date": "2026-01-07" + "cve": "CVE-2025-12978", + "epss": 0.00131, + "percentile": 0.33284, + "date": "2026-01-21" } ], "fix": { @@ -1138,7 +1624,7 @@ "state": "" }, "advisories": [], - "risk": 0.047895 + "risk": 0.06812 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1156,7 +1642,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12972", + "vulnerabilityID": "CVE-2025-12978", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -1190,19 +1676,27 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1210,29 +1704,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1240,7 +1737,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1251,10 +1748,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1275,7 +1780,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -1329,65 +1834,172 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-12969", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 3.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12969", + "epss": 0.00106, + "percentile": 0.29225, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12969", + "cwe": "CWE-306", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.06094999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12969", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0369 + "risk": 0.048924999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ] } @@ -1408,7 +2020,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } @@ -1443,18 +2055,21 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", - "namespace": "debian:distro:debian:12", + "id": "CVE-2025-12972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -1463,56 +2078,154 @@ "vendorMetadata": {} } ], - "epss": [ + "epss": [ + { + "cve": "CVE-2025-12972", + "epss": 0.00093, + "percentile": 0.26542, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12972", + "cwe": "CWE-22", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.047895 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12972", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03605 + "risk": 0.0452 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1533,7 +2246,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } @@ -1568,19 +2281,27 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1588,32 +2309,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1621,10 +2350,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1645,7 +2382,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } @@ -1699,21 +2436,21 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -1721,10 +2458,10 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { @@ -1732,160 +2469,41 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.031065 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } @@ -1900,27 +2518,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } @@ -1929,79 +2547,109 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2016,27 +2664,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2045,40 +2696,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2086,25 +2736,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2116,7 +2768,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2127,17 +2779,25 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2145,27 +2805,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2174,31 +2834,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2206,29 +2870,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2236,7 +2904,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2247,10 +2915,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2265,117 +2941,148 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -2390,53 +3097,72 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -2453,33 +3179,66 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.020249999999999997 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.02175 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -2496,10 +3255,24 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.0786, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -2514,135 +3287,161 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "curl" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { "versions": [ - "3.0.17-1~deb12u3" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } - ] - }, - "advisories": [ - { - "id": "", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + ] + }, + "advisories": [], + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06519, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2657,84 +3456,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2742,44 +3528,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2787,10 +3561,18 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2811,7 +3593,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -2863,6 +3645,144 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.01854 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" + ], + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010023", @@ -2875,9 +3795,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ], "fix": { @@ -2885,7 +3805,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01565 }, "relatedVulnerabilities": [ { @@ -2942,9 +3862,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ] } @@ -3043,8 +3963,16 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -3062,7 +3990,7 @@ }, "advisories": [ { - "id": "", + "id": "DSA-6015-1", "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" } ], @@ -3102,8 +4030,16 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07232, - "date": "2026-01-07" + "percentile": 0.07249, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3209,8 +4145,16 @@ { "cve": "CVE-2025-29478", "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3270,32 +4214,40 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -3303,161 +4255,48 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.012720000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.012650000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3478,7 +4317,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } @@ -3543,8 +4382,16 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3587,8 +4434,16 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3640,77 +4495,125 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.010815000000000002 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.0" - } + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -3719,10 +4622,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -3738,8 +4645,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3795,8 +4710,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3859,6 +4782,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2024-26458", @@ -3872,8 +4890,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3912,8 +4938,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3989,8 +5023,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4029,8 +5071,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4097,8 +5147,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4137,8 +5195,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4210,8 +5276,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4250,8 +5324,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4318,8 +5400,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4367,8 +5457,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4424,73 +5522,62 @@ }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Unknown", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00725 + "risk": 0.009000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Unknown", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4511,7 +5598,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4565,19 +5652,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4585,52 +5680,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4645,60 +5748,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4706,59 +5849,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4766,27 +5917,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } @@ -4795,27 +5946,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4823,28 +5986,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4853,10 +6017,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -4864,10 +6028,18 @@ ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4882,69 +6054,96 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "cpes": [ + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "openldap" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4952,41 +6151,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5001,60 +6219,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5062,48 +6311,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5111,56 +6379,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5168,41 +6471,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "severity": "Critical", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5217,60 +6540,93 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "systemd" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5278,21 +6634,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -5305,21 +6660,47 @@ "impactScore": 1.5 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5333,21 +6714,21 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5356,27 +6737,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "upstreams": [ + { + "name": "systemd" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5384,46 +6783,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5431,69 +6857,64 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5501,39 +6922,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5548,27 +6989,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -5577,31 +7018,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5609,39 +7067,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5656,27 +7124,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -5685,36 +7153,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5722,46 +7193,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5769,27 +7250,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5798,31 +7279,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5830,52 +7315,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5896,7 +7378,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5931,19 +7413,27 @@ }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5951,52 +7441,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6017,7 +7504,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -6048,19 +7535,27 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6068,52 +7563,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6128,92 +7618,77 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6221,52 +7696,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "severity": "High", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6281,27 +7751,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -6310,31 +7780,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6342,52 +7820,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6402,88 +7875,73 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6491,52 +7949,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6551,83 +8004,68 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6635,52 +8073,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6695,64 +8130,41 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gcc-12" + "name": "curl" } ] } @@ -6769,9 +8181,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6779,7 +8199,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0017500000000000003 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { @@ -6809,9 +8229,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6888,19 +8316,33 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6908,41 +8350,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6957,27 +8424,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6986,44 +8453,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7031,27 +8573,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -7060,14 +8602,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -7077,22 +8615,74 @@ "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { "id": "CVE-2025-15079", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -7146,27 +8736,90 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -7179,27 +8832,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -7208,39 +8861,84 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -7259,7 +8957,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -7294,27 +8992,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -7333,7 +9066,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -7589,7 +9322,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -7709,7 +9442,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -7719,6 +9451,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -7752,87 +9485,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index 1e7eded..9b58f36 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -8,32 +8,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.0 | [CVE-2025-12977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12977) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | fluent-bit | 4.1.0 | [CVE-2025-12978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12978) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -41,6 +45,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | @@ -53,18 +62,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.1.json b/docs/security/oss/grype-4.1.1.json index ac56699..507cd18 100644 --- a/docs/security/oss/grype-4.1.1.json +++ b/docs/security/oss/grype-4.1.1.json @@ -26,8 +26,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -85,8 +105,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -162,8 +202,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -289,8 +337,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -357,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -411,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -475,148 +531,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.08345000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-17740", @@ -630,8 +544,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -685,8 +607,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -751,19 +681,27 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -771,19 +709,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", @@ -812,10 +753,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -836,7 +785,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } @@ -890,19 +839,27 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -910,45 +867,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0369 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -963,27 +934,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -992,88 +963,108 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03605 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1088,27 +1079,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1117,31 +1108,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1149,32 +1148,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1182,10 +1189,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1200,131 +1215,133 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.031065 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1339,27 +1356,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1368,31 +1385,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1400,31 +1425,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1443,17 +1469,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1461,108 +1495,136 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.048924999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ] } @@ -1577,27 +1639,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1606,40 +1668,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1647,51 +1708,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.0452 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1706,27 +1769,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1735,31 +1798,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1767,25 +1838,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1797,7 +1868,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1808,10 +1879,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1826,124 +1905,141 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1951,27 +2047,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } @@ -1980,33 +2076,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2014,42 +2111,55 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.020249999999999997 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2057,10 +2167,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2075,27 +2193,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2104,31 +2225,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2136,33 +2265,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -2181,17 +2308,25 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,79 +2334,64 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2279,32 +2399,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2312,33 +2433,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2359,7 +2476,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -2413,23 +2530,21 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2437,65 +2552,136 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0147 + "risk": 0.03075 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.1" - } + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd108375663c1956", - "name": "fluent-bit", - "version": "4.1.1", - "type": "binary", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -2523,17 +2709,34 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.02013 }, "relatedVulnerabilities": [ { @@ -2562,9 +2765,17 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2586,7 +2797,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -2620,19 +2834,27 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2640,43 +2862,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2684,10 +2895,18 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2708,7 +2927,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -2762,52 +2981,70 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2815,17 +3052,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2833,27 +3078,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2862,42 +3107,208 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2905,7 +3316,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2923,7 +3334,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29477", + "vulnerabilityID": "CVE-2025-29478", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -2938,9 +3349,425 @@ "type": "binary", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.010815000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2949,10 +3776,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -2968,8 +3799,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3025,8 +3864,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3089,6 +3936,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "dd108375663c1956", + "name": "fluent-bit", + "version": "4.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.1", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2024-26458", @@ -3102,8 +4044,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3142,8 +4092,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3219,8 +4177,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3259,8 +4225,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3327,8 +4301,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3367,8 +4349,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3440,8 +4430,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3480,8 +4478,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3548,8 +4554,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3597,8 +4611,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3654,73 +4676,62 @@ }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Unknown", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00725 + "risk": 0.009000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Unknown", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3741,7 +4752,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3795,19 +4806,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3815,52 +4834,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3875,60 +4902,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3936,59 +5003,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3996,27 +5071,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } @@ -4025,27 +5100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4053,28 +5140,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4083,10 +5171,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -4094,10 +5182,18 @@ ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4112,69 +5208,96 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "cpes": [ + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "openldap" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4182,41 +5305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4231,60 +5373,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4292,48 +5465,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4341,56 +5533,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4398,41 +5625,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "severity": "Critical", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4447,60 +5694,93 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "systemd" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4508,21 +5788,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -4535,21 +5814,47 @@ "impactScore": 1.5 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4563,21 +5868,21 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4586,27 +5891,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "upstreams": [ + { + "name": "systemd" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4614,46 +5937,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4661,69 +6011,64 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4731,39 +6076,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4778,27 +6143,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4807,31 +6172,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4839,39 +6221,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4886,27 +6278,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4915,36 +6307,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4952,46 +6347,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4999,27 +6404,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5028,31 +6433,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5060,52 +6469,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5126,7 +6532,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5161,19 +6567,27 @@ }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5181,52 +6595,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5247,7 +6658,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5278,19 +6689,27 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5298,52 +6717,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5358,92 +6772,77 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5451,52 +6850,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "severity": "High", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5511,27 +6905,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5540,31 +6934,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5572,52 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5632,88 +7029,73 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5721,52 +7103,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5781,83 +7158,68 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5865,52 +7227,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5925,64 +7284,41 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gcc-12" + "name": "curl" } ] } @@ -5999,9 +7335,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6009,7 +7353,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0017500000000000003 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { @@ -6039,9 +7383,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6118,19 +7470,33 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6138,41 +7504,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6187,27 +7578,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6216,44 +7607,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6261,27 +7727,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -6290,14 +7756,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -6307,22 +7769,74 @@ "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { "id": "CVE-2025-15079", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6376,27 +7890,90 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6409,27 +7986,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -6438,39 +8015,84 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6489,7 +8111,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -6524,27 +8146,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6563,7 +8220,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -6819,7 +8476,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -6939,7 +8596,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -6949,6 +8605,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -6982,87 +8639,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.1.1.md b/docs/security/oss/grype-4.1.1.md index 701cfdf..ce6bf08 100644 --- a/docs/security/oss/grype-4.1.1.md +++ b/docs/security/oss/grype-4.1.1.md @@ -6,27 +6,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -34,6 +38,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | @@ -46,18 +55,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.2.json b/docs/security/oss/grype-4.1.2.json index 91def58..6a79ab2 100644 --- a/docs/security/oss/grype-4.1.2.json +++ b/docs/security/oss/grype-4.1.2.json @@ -26,8 +26,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -85,8 +105,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -162,8 +202,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -289,8 +337,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -357,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -411,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -475,148 +531,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.08345000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-17740", @@ -630,8 +544,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -685,8 +607,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -751,19 +681,27 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -771,19 +709,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", @@ -812,10 +753,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -836,7 +785,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } @@ -890,19 +839,27 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -910,45 +867,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0369 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -963,27 +934,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -992,88 +963,108 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03605 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1088,27 +1079,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1117,31 +1108,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1149,32 +1148,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1182,10 +1189,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1200,131 +1215,133 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.031065 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1339,27 +1356,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1368,31 +1385,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1400,31 +1425,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1443,17 +1469,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1461,108 +1495,136 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.048924999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ] } @@ -1577,27 +1639,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1606,40 +1668,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1647,51 +1708,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.0452 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1706,27 +1769,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1735,31 +1798,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1767,25 +1838,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1797,7 +1868,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1808,10 +1879,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1826,124 +1905,141 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1951,27 +2047,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } @@ -1980,33 +2076,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2014,42 +2111,55 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.020249999999999997 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2057,10 +2167,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2075,27 +2193,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2104,31 +2225,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2136,33 +2265,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -2181,17 +2308,25 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,79 +2334,64 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2279,32 +2399,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2312,33 +2433,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2359,7 +2476,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -2413,23 +2530,21 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2437,65 +2552,136 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0147 + "risk": 0.03075 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.1.2" - } + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "08d2144e99b02e72", - "name": "fluent-bit", - "version": "4.1.2", - "type": "binary", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -2523,17 +2709,34 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.02013 }, "relatedVulnerabilities": [ { @@ -2562,9 +2765,17 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2586,7 +2797,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -2620,19 +2834,27 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2640,43 +2862,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2684,10 +2895,18 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2708,7 +2927,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -2762,52 +2981,70 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2815,17 +3052,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2833,27 +3078,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2862,42 +3107,208 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2905,7 +3316,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2923,7 +3334,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29477", + "vulnerabilityID": "CVE-2025-29478", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -2938,9 +3349,425 @@ "type": "binary", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.010815000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2949,10 +3776,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -2968,8 +3799,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3025,8 +3864,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3089,6 +3936,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "08d2144e99b02e72", + "name": "fluent-bit", + "version": "4.1.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.2", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2024-26458", @@ -3102,8 +4044,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3142,8 +4092,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3219,8 +4177,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3259,8 +4225,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3327,8 +4301,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3367,8 +4349,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3440,8 +4430,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3480,8 +4478,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3548,8 +4554,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3597,8 +4611,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3654,73 +4676,62 @@ }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Unknown", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00725 + "risk": 0.009000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Unknown", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3741,7 +4752,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3795,19 +4806,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3815,52 +4834,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3875,60 +4902,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3936,59 +5003,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3996,27 +5071,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } @@ -4025,27 +5100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4053,28 +5140,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4083,10 +5171,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -4094,10 +5182,18 @@ ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4112,69 +5208,96 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "cpes": [ + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "openldap" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4182,41 +5305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4231,60 +5373,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4292,48 +5465,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4341,56 +5533,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4398,41 +5625,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "severity": "Critical", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4447,60 +5694,93 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "systemd" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4508,21 +5788,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -4535,21 +5814,47 @@ "impactScore": 1.5 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4563,21 +5868,21 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4586,27 +5891,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "upstreams": [ + { + "name": "systemd" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4614,46 +5937,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4661,69 +6011,64 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4731,39 +6076,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4778,27 +6143,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4807,31 +6172,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4839,39 +6221,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4886,27 +6278,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4915,36 +6307,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4952,46 +6347,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4999,27 +6404,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5028,31 +6433,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5060,52 +6469,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5126,7 +6532,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5161,19 +6567,27 @@ }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5181,52 +6595,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5247,7 +6658,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5278,19 +6689,27 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5298,52 +6717,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5358,92 +6772,77 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5451,52 +6850,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "severity": "High", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5511,27 +6905,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5540,31 +6934,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5572,52 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5632,88 +7029,73 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5721,52 +7103,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5781,83 +7158,68 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5865,52 +7227,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5925,64 +7284,41 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gcc-12" + "name": "curl" } ] } @@ -5999,9 +7335,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6009,7 +7353,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0017500000000000003 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { @@ -6039,9 +7383,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6118,19 +7470,33 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6138,41 +7504,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6187,27 +7578,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6216,44 +7607,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6261,27 +7727,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -6290,14 +7756,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -6307,22 +7769,74 @@ "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { "id": "CVE-2025-15079", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6376,27 +7890,90 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6409,27 +7986,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -6438,39 +8015,84 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6489,7 +8111,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -6524,27 +8146,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6563,7 +8220,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -6819,7 +8476,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -6939,7 +8596,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -6949,6 +8605,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -6982,87 +8639,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.1.2.md b/docs/security/oss/grype-4.1.2.md index aaea5af..630b83f 100644 --- a/docs/security/oss/grype-4.1.2.md +++ b/docs/security/oss/grype-4.1.2.md @@ -6,27 +6,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -34,6 +38,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | @@ -46,18 +55,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.0.json b/docs/security/oss/grype-4.2.0.json index 074fc4c..a6e2e36 100644 --- a/docs/security/oss/grype-4.2.0.json +++ b/docs/security/oss/grype-4.2.0.json @@ -26,8 +26,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ], "fix": { @@ -85,8 +105,28 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80456, - "date": "2026-01-07" + "percentile": 0.80481, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Primary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Primary" } ] } @@ -162,8 +202,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -289,8 +337,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -357,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -411,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -475,148 +531,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.08345000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2017-17740", @@ -630,8 +544,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -685,8 +607,16 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -751,19 +681,27 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -771,19 +709,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", @@ -812,10 +753,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -836,7 +785,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } @@ -890,19 +839,27 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -910,45 +867,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0369 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", - "https://security.netapp.com/advisory/ntap-20250306-0009/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 7.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 3.4 + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00738, - "percentile": 0.72327, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -963,27 +934,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-0725", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -992,88 +963,108 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.03605 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2167, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1088,27 +1079,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1117,31 +1108,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1149,32 +1148,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1182,10 +1189,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1200,131 +1215,133 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:12", - "severity": "Medium", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.031065 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1339,27 +1356,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1368,31 +1385,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1400,31 +1425,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.061950000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1443,17 +1469,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1461,108 +1495,136 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.048924999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-10148", + "epss": 0.00095, + "percentile": 0.26874, + "date": "2026-01-21" } ] } @@ -1577,27 +1639,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-10148", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1606,40 +1668,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1647,51 +1708,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.0452 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://security.netapp.com/advisory/ntap-20250306-0009/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 7.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75235, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1706,27 +1769,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-0725", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -1735,31 +1798,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1767,25 +1838,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1797,7 +1868,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1808,10 +1879,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1826,124 +1905,141 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.04125 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1951,27 +2047,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-13151", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "48b70e4d102cdd4b", + "name": "libtasn1-6", + "version": "4.19.0-2+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libtasn1-6", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", "annotations": { "evidence": "primary" } @@ -1980,33 +2076,34 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.19.0-2\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.19.0-2%2Bdeb12u1?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2014,42 +2111,55 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.020249999999999997 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2057,10 +2167,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00027, - "percentile": 0.06845, - "date": "2026-01-07" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2075,27 +2193,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2104,31 +2225,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2136,33 +2265,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -2181,17 +2308,25 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,79 +2334,64 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2279,32 +2399,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.0323 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2312,33 +2433,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2359,7 +2476,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -2413,23 +2530,21 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2437,65 +2552,136 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0147 + "risk": 0.03075 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "12" + }, "package": { - "name": "fluent-bit", - "version": "4.2.0" - } + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "98f5fa2eeb129470", - "name": "fluent-bit", - "version": "4.2.0", - "type": "binary", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -2523,17 +2709,34 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.02013 }, "relatedVulnerabilities": [ { @@ -2562,9 +2765,17 @@ "epss": [ { "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2586,7 +2797,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -2620,19 +2834,27 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2640,43 +2862,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2684,10 +2895,18 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2708,7 +2927,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } @@ -2762,52 +2981,70 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2815,17 +3052,25 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2833,27 +3078,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2862,42 +3107,208 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2905,7 +3316,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2923,7 +3334,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29477", + "vulnerabilityID": "CVE-2025-29478", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -2938,9 +3349,425 @@ "type": "binary", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.012720000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.010815000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" + ], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14524", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2949,10 +3776,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] } }, { @@ -2968,8 +3799,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3025,8 +3864,16 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3089,6 +3936,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "98f5fa2eeb129470", + "name": "fluent-bit", + "version": "4.2.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.0", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2024-26458", @@ -3102,8 +4044,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3142,8 +4092,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3219,8 +4177,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3259,8 +4225,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3327,8 +4301,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3367,8 +4349,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3440,8 +4430,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3480,8 +4478,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3548,8 +4554,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3597,8 +4611,16 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42702, - "date": "2026-01-07" + "percentile": 0.42572, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3654,73 +4676,62 @@ }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Unknown", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.00725 + "risk": 0.009000000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Unknown", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -3741,7 +4752,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -3795,19 +4806,27 @@ }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3815,52 +4834,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3875,60 +4902,100 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0a534483a88e1e33", + "name": "gcc-12-base", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/gcc-12-base", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/gcc-12-base/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3936,59 +5003,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3996,27 +5071,27 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "d36a882b8a3ded0b", + "name": "libatomic1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libatomic1", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libatomic1", "annotations": { "evidence": "primary" } @@ -4025,27 +5100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4053,28 +5140,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00615 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4083,10 +5171,10 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, + "baseScore": 4.3, + "exploitabilityScore": 8.6, "impactScore": 2.9 }, "vendorMetadata": {} @@ -4094,10 +5182,18 @@ ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4112,69 +5208,96 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "74f0cf86f14f0675", + "name": "libgcc-s1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libgcc-s1", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgcc-s1/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", + "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "cpes": [ + "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", + "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "openldap" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4182,41 +5305,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4231,60 +5373,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "cd7473971e9d06dd", + "name": "libgomp1", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libgomp1", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", + "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libgomp1/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", "upstreams": [ { - "name": "systemd" + "name": "gcc-12" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4292,48 +5465,67 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00775 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "cve": "CVE-2022-27943", + "epss": 0.00155, + "percentile": 0.36663, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4341,56 +5533,91 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "gcc-12", + "version": "12.2.0-14+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "9a37debf0d05047e", + "name": "libstdc++6", + "version": "12.2.0-14+deb12u1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libstdc++6", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6", "annotations": { "evidence": "primary" } + }, + { + "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", + "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/usr/share/doc/gcc-12-base/copyright", + "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", + "accessPath": "/usr/share/doc/libstdc++6/copyright", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Artistic", + "GFDL-1.2", + "GPL", + "GPL-2", + "GPL-3", + "LGPL" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "upstreams": [ + { + "name": "gcc-12" + } + ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4398,41 +5625,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", - "https://github.com/systemd/systemd/releases" + "severity": "Critical", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4447,60 +5694,93 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "systemd" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4508,21 +5788,20 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -4535,21 +5814,47 @@ "impactScore": 1.5 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4563,21 +5868,21 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4586,27 +5891,45 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "upstreams": [ + { + "name": "systemd" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4614,46 +5937,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.006400000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31437", + "epss": 0.00128, + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4661,69 +6011,64 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4731,39 +6076,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.00615 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2017-14159", + "epss": 0.00123, + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4778,27 +6143,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u4", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4807,31 +6172,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4839,39 +6221,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4886,27 +6278,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u4", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4915,36 +6307,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "krb5" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4952,46 +6347,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28886", + "https://github.com/systemd/systemd/releases" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "cve": "CVE-2023-31438", + "epss": 0.001, + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4999,27 +6404,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -5028,31 +6433,35 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5060,52 +6469,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5126,7 +6532,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5161,19 +6567,27 @@ }, { "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5181,52 +6595,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0047 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2023-31439", + "epss": 0.00094, + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5247,7 +6658,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } @@ -5278,19 +6689,27 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5298,52 +6717,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5358,92 +6772,77 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0a534483a88e1e33", - "name": "gcc-12-base", - "version": "12.2.0-14+deb12u1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/gcc-12-base", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/gcc-12-base/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/var/lib/dpkg/status.d/gcc-12-base.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:gcc-12-base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12-base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12_base:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc-12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc_12:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc-12-base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:gcc:gcc_12_base:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5451,52 +6850,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "severity": "High", + "urls": [ + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5511,27 +6905,27 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d36a882b8a3ded0b", - "name": "libatomic1", - "version": "12.2.0-14+deb12u1", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libatomic1", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libatomic1", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5540,31 +6934,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libatomic1:libatomic1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libatomic1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5572,52 +6974,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5632,88 +7029,73 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f0cf86f14f0675", - "name": "libgcc-s1", - "version": "12.2.0-14+deb12u1", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcc-s1", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgcc-s1/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "layerID": "sha256:c3abae442368dc447f15c468933843c361f227f5d87b2bb86515b49f40583ed9", - "accessPath": "/var/lib/dpkg/status.d/libgcc-s1.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgcc-s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc-s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc_s1:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc-s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*", - "cpe:2.3:a:libgcc:libgcc_s1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5721,52 +7103,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5781,83 +7158,68 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd7473971e9d06dd", - "name": "libgomp1", - "version": "12.2.0-14+deb12u1", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgomp1", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "layerID": "sha256:2401c5ea32a75452bc4b02a664c80cf63f197704653926fca19e22e6cbc85652", - "accessPath": "/var/lib/dpkg/status.d/libgomp1.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libgomp1/copyright", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libgomp1:libgomp1:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "gcc-12" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -5865,52 +7227,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0025 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15653, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5925,64 +7284,41 @@ "version": "12" }, "package": { - "name": "gcc-12", - "version": "12.2.0-14+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2022-27943", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9a37debf0d05047e", - "name": "libstdc++6", - "version": "12.2.0-14+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libstdc++6", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "layerID": "sha256:6819a1af097df543d58dc30b51f737e55f3f42a9a04e641f175834a55bf0629c", - "accessPath": "/var/lib/dpkg/status.d/libstdc++6.md5sums", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/usr/share/doc/gcc-12-base/copyright", - "layerID": "sha256:7095412417d2dce289b77f7a8c632a07c82b707fe43cfef7368c3b65c8d2538a", - "accessPath": "/usr/share/doc/libstdc++6/copyright", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Artistic", - "GFDL-1.2", - "GPL", - "GPL-2", - "GPL-3", - "LGPL" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:12.2.0-14\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=gcc-12", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "gcc-12" + "name": "curl" } ] } @@ -5999,9 +7335,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6009,7 +7353,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0017500000000000003 + "risk": 0.0023000000000000004 }, "relatedVulnerabilities": [ { @@ -6039,9 +7383,17 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00035, - "percentile": 0.10075, - "date": "2026-01-07" + "epss": 0.00046, + "percentile": 0.14014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-27587", + "cwe": "CWE-385", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6118,19 +7470,33 @@ }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6138,41 +7504,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6187,27 +7578,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -6216,44 +7607,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6261,27 +7727,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", "annotations": { "evidence": "primary" } @@ -6290,14 +7756,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -6307,22 +7769,74 @@ "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { "id": "CVE-2025-15079", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6376,27 +7890,90 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -6409,27 +7986,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -6438,39 +8015,84 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6489,7 +8111,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -6524,27 +8146,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -6563,7 +8220,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -6819,7 +8476,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -6939,7 +8596,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -6949,6 +8605,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -6982,87 +8639,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.2.0.md b/docs/security/oss/grype-4.2.0.md index 514488e..3ff6a2d 100644 --- a/docs/security/oss/grype-4.2.0.md +++ b/docs/security/oss/grype-4.2.0.md @@ -6,27 +6,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -34,6 +38,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | +| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | +| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | @@ -46,18 +55,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | -| gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgcc-s1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libgomp1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libstdc++6 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.1.json b/docs/security/oss/grype-4.2.1.json index f8d9d46..3a24311 100644 --- a/docs/security/oss/grype-4.2.1.json +++ b/docs/security/oss/grype-4.2.1.json @@ -13,8 +13,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -140,8 +148,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -208,8 +224,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -262,8 +278,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -317,6 +333,145 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.08215 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openldap", + "version": "2.6.10+dfsg-1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libldap2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-20796", @@ -329,9 +484,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -339,7 +502,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08345000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { @@ -384,9 +547,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -491,19 +662,27 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -511,28 +690,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -544,7 +720,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -555,10 +731,18 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -573,27 +757,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -602,31 +786,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -634,25 +835,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -664,7 +865,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -675,10 +876,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -693,13 +902,429 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.061950000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -783,19 +1408,27 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -803,32 +1436,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -836,10 +1477,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -860,7 +1509,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } @@ -942,6 +1591,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.04125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libtasn1-6", + "version": "4.20.0-2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "04ef2a4cf087de67", + "name": "libtasn1-6", + "version": "4.20.0-2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libtasn1-6", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -967,17 +1740,34 @@ "epss": [ { "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { @@ -1006,9 +1796,17 @@ "epss": [ { "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1030,7 +1828,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], @@ -1074,9 +1875,17 @@ "epss": [ { "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1084,7 +1893,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { @@ -1093,22 +1902,158 @@ "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1127,17 +2072,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1145,108 +2098,178 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -1261,121 +2284,186 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Low", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1390,27 +2478,30 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -1419,31 +2510,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "krb5" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1451,40 +2550,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1492,10 +2583,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1510,117 +2609,179 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1635,27 +2796,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -1664,31 +2825,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ], "fix": { @@ -1696,33 +2857,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, @@ -1730,21 +2890,33 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ] } @@ -1765,7 +2937,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -1849,86 +3021,184 @@ }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0173 + "risk": 0.012720000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -1949,7 +3219,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } @@ -2033,165 +3303,86 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,27 +3390,27 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "libgcrypt20", + "version": "1.11.0-7" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12817", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2228,86 +3419,98 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.010815000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2322,109 +3525,68 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2432,50 +3594,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2483,27 +3666,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -2512,10 +3695,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] } }, { @@ -2545,9 +3732,17 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2555,7 +3750,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2607,76 +3802,88 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2025-13034", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04145, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0108 + "risk": 0.010355000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2025-13034", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-13034.html", + "https://curl.se/docs/CVE-2025-13034.json" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04145, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -2691,27 +3898,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2020-15719", + "vulnerabilityID": "CVE-2025-13034", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -2720,12 +3927,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } @@ -2743,8 +3950,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2783,8 +3998,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2860,8 +4083,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2900,8 +4131,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2968,8 +4207,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3008,8 +4255,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3081,8 +4336,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3121,8 +4384,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3176,6 +4447,166 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:13", + "severity": "Unknown", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.009000000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -3188,9 +4619,17 @@ "epss": [ { "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3198,7 +4637,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00725 + "risk": 0.00655 }, "relatedVulnerabilities": [ { @@ -3242,9 +4681,17 @@ "epss": [ { "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3360,8 +4807,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3413,8 +4874,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3481,8 +4956,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3534,8 +5023,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3598,8 +5101,16 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3650,8 +5161,16 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3718,8 +5237,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3760,8 +5287,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3828,8 +5363,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3870,8 +5413,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3934,8 +5485,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3976,8 +5535,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4044,8 +5611,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4086,8 +5661,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4149,9 +5732,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4159,7 +5750,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4189,9 +5780,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4266,9 +5865,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4276,7 +5883,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4306,9 +5913,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4374,9 +5989,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4384,7 +6007,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4414,9 +6037,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4477,248 +6108,27 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00405 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "krb5", - "version": "1.21.3-5" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2024-26461", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00285 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2013-4392", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", - "upstreams": [ - { - "name": "systemd" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4726,41 +6136,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4768,17 +6165,25 @@ ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4786,27 +6191,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4815,27 +6220,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4843,30 +6260,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4874,10 +6291,18 @@ ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4898,7 +6323,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } @@ -4933,27 +6358,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -4966,27 +6466,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4995,44 +6495,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-15079", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15079", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5040,27 +6615,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15079", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } @@ -5069,39 +6644,87 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-15079", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2025-15079", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -5120,7 +6743,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-15079", "versionConstraint": "none (unknown)" } } @@ -5155,27 +6778,90 @@ }, { "vulnerability": { - "id": "CVE-2025-13034", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13034", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -5188,27 +6874,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-13034", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -5217,39 +6903,75 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -5268,7 +6990,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -5303,27 +7025,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -5342,7 +7099,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -5384,8 +7141,17 @@ "urls": [], "cvss": [], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], "risk": 0 @@ -5417,7 +7183,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], @@ -5608,7 +7377,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -5728,7 +7497,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -5738,6 +7506,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -5771,87 +7540,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.2.1.md b/docs/security/oss/grype-4.2.1.md index 98fb86d..05c4e09 100644 --- a/docs/security/oss/grype-4.2.1.md +++ b/docs/security/oss/grype-4.2.1.md @@ -5,24 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -41,13 +47,12 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Unknown | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.2.json b/docs/security/oss/grype-4.2.2.json index 68aa82d..742e9d3 100644 --- a/docs/security/oss/grype-4.2.2.json +++ b/docs/security/oss/grype-4.2.2.json @@ -13,8 +13,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -140,8 +148,16 @@ { "cve": "CVE-2011-3389", "epss": 0.04129, - "percentile": 0.88289, - "date": "2026-01-07" + "percentile": 0.88317, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2011-3389", + "cwe": "CWE-326", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -208,8 +224,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ], "fix": { @@ -262,8 +278,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86021, - "date": "2026-01-07" + "percentile": 0.86035, + "date": "2026-01-21" } ] } @@ -317,6 +333,145 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.08215 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2017-17740", + "epss": 0.01643, + "percentile": 0.81534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openldap", + "version": "2.6.10+dfsg-1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2017-17740", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libldap2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libldap2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-20796", @@ -329,9 +484,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -339,7 +502,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08345000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { @@ -384,9 +547,17 @@ "epss": [ { "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81657, - "date": "2026-01-07" + "epss": 0.01492, + "percentile": 0.80651, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -491,19 +662,27 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -511,28 +690,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -544,7 +720,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -555,10 +731,18 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81507, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -573,27 +757,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -602,31 +786,48 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "openldap" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -634,25 +835,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0471 + "risk": 0.07425000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -664,7 +865,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -675,10 +876,18 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00942, - "percentile": 0.75748, - "date": "2026-01-07" + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -693,13 +902,429 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80612, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.061950000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010025", + "epss": 0.01239, + "percentile": 0.78815, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -783,19 +1408,27 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -803,32 +1436,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034550000000000004 + "risk": 0.04205000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -836,10 +1477,18 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00691, - "percentile": 0.71244, - "date": "2026-01-07" + "cve": "CVE-2019-9192", + "epss": 0.00841, + "percentile": 0.74218, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -860,7 +1509,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } @@ -942,6 +1591,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.04125 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00055, + "percentile": 0.17269, + "date": "2026-01-21" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libtasn1-6", + "version": "4.20.0-2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "04ef2a4cf087de67", + "name": "libtasn1-6", + "version": "4.20.0-2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libtasn1-6", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -967,17 +1740,34 @@ "epss": [ { "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { @@ -1006,9 +1796,17 @@ "epss": [ { "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18104, - "date": "2026-01-07" + "epss": 0.00074, + "percentile": 0.22662, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1030,7 +1828,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], @@ -1074,9 +1875,17 @@ "epss": [ { "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1084,7 +1893,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02885 + "risk": 0.033100000000000004 }, "relatedVulnerabilities": [ { @@ -1093,22 +1902,158 @@ "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00662, + "percentile": 0.70606, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-6829", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -1127,17 +2072,25 @@ ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68146, - "date": "2026-01-07" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70163, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -1145,108 +2098,178 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-6829", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0915", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.03075 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12144, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -1261,121 +2284,186 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Low", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.7-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20603, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -1390,27 +2478,30 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 17.7-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.7-0+deb13u1" } } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", - "version": "1.21.3-5", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -1419,31 +2510,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "krb5" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1451,40 +2550,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.01855 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, + "baseScore": 4, + "exploitabilityScore": 8, "impactScore": 2.9 }, "vendorMetadata": {} @@ -1492,10 +2583,18 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2010-4756", + "epss": 0.00371, + "percentile": 0.5837, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -1510,117 +2609,179 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.02315 + "risk": 0.01854 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.3, + "exploitabilityScore": 1.7, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63613, - "date": "2026-01-07" + "cve": "CVE-2025-14819", + "epss": 0.00036, + "percentile": 0.10333, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1635,27 +2796,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2025-14819", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -1664,31 +2825,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ], "fix": { @@ -1696,33 +2857,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01875 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, @@ -1730,21 +2890,33 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00375, - "percentile": 0.586, - "date": "2026-01-07" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54021, + "date": "2026-01-21" } ] } @@ -1765,7 +2937,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -1849,86 +3021,184 @@ }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07474, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0173 + "risk": 0.012720000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" + ], + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56656, - "date": "2026-01-07" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02534, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -1949,7 +3219,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } @@ -2033,165 +3303,86 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07463, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:13", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" } ], - "epss": [ + "cwes": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14044, - "date": "2026-01-07" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44576, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2199,27 +3390,27 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "libgcrypt20", + "version": "1.11.0-7" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-12817", + "vulnerabilityID": "CVE-2024-2236", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2228,86 +3419,98 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", - "upstreams": [ - { - "name": "postgresql-17" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-14524", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.012650000000000002 + "risk": 0.010815000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-14524", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-14524.html", + "https://curl.se/docs/CVE-2025-14524.json", + "https://hackerone.com/reports/3459417", + "http://www.openwall.com/lists/oss-security/2026/01/07/4" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "exploitabilityScore": 1.7, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00253, - "percentile": 0.48427, - "date": "2026-01-07" + "cve": "CVE-2025-14524", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14524", + "cwe": "CWE-601", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2322,109 +3525,68 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-14524", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2432,50 +3594,71 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011100000000000002 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44697, - "date": "2026-01-07" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.43979, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2020-15719", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2483,27 +3666,27 @@ "version": "13" }, "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -2512,10 +3695,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "upstreams": [ + { + "name": "openldap" + } + ] } }, { @@ -2545,9 +3732,17 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00021, - "percentile": 0.04883, - "date": "2026-01-07" + "epss": 0.0002, + "percentile": 0.04323, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -2555,7 +3750,7 @@ "state": "" }, "advisories": [], - "risk": 0.011025000000000002 + "risk": 0.0105 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2607,76 +3802,88 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2025-13034", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", - "cvss": [], + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04145, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0108 + "risk": 0.010355000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2025-13034", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://curl.se/docs/CVE-2025-13034.html", + "https://curl.se/docs/CVE-2025-13034.json" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44098, - "date": "2026-01-07" + "cve": "CVE-2025-13034", + "epss": 0.00019, + "percentile": 0.04145, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13034", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -2691,27 +3898,27 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2020-15719", + "vulnerabilityID": "CVE-2025-13034", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -2720,12 +3927,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "openldap" + "name": "curl" } ] } @@ -2743,8 +3950,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2783,8 +3998,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2860,8 +4083,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2900,8 +4131,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2968,8 +4207,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3008,8 +4255,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3081,8 +4336,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3121,8 +4384,16 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43023, - "date": "2026-01-07" + "percentile": 0.42892, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3176,6 +4447,166 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:13", + "severity": "Unknown", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.009000000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "Unknown", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00018, + "percentile": 0.03847, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -3188,9 +4619,17 @@ "epss": [ { "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3198,7 +4637,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00725 + "risk": 0.00655 }, "relatedVulnerabilities": [ { @@ -3242,9 +4681,17 @@ "epss": [ { "cve": "CVE-2019-1010022", - "epss": 0.00145, - "percentile": 0.35407, - "date": "2026-01-07" + "epss": 0.00131, + "percentile": 0.3327, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3360,8 +4807,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3413,8 +4874,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3481,8 +4956,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -3534,8 +5023,22 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32916, - "date": "2026-01-07" + "percentile": 0.32735, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -3598,8 +5101,16 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3650,8 +5161,16 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32205, - "date": "2026-01-07" + "percentile": 0.32014, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3718,8 +5237,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3760,8 +5287,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3828,8 +5363,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3870,8 +5413,16 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28463, - "date": "2026-01-07" + "percentile": 0.28305, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31438", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3934,8 +5485,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3976,8 +5535,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4044,8 +5611,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4086,8 +5661,16 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26909, - "date": "2026-01-07" + "percentile": 0.26739, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4149,9 +5732,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4159,7 +5750,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4189,9 +5780,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4266,9 +5865,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4276,7 +5883,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4306,9 +5913,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4374,9 +5989,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4384,7 +6007,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00405 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { @@ -4414,9 +6037,17 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4477,248 +6108,27 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00405 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" - ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-26461", - "epss": 0.00081, - "percentile": 0.24341, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "krb5", - "version": "1.21.3-5" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2024-26461", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00285 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2013-4392", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libsystemd0", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", - "upstreams": [ - { - "name": "systemd" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2013-4392", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4726,41 +6136,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00285 + "risk": 0.0031000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2013-4392", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 3.4, - "impactScore": 5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4768,17 +6165,25 @@ ], "epss": [ { - "cve": "CVE-2013-4392", - "epss": 0.00057, - "percentile": 0.17988, - "date": "2026-01-07" + "cve": "CVE-2024-26461", + "epss": 0.00062, + "percentile": 0.19491, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4786,27 +6191,27 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2013-4392", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -4815,27 +6220,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-10966", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -4843,30 +6260,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0008500000000000002 + "risk": 0.00245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10966", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-10966.html", - "https://curl.se/docs/CVE-2025-10966.json", - "https://hackerone.com/reports/3355218", - "http://www.openwall.com/lists/oss-security/2025/11/05/2" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4874,10 +6291,18 @@ ], "epss": [ { - "cve": "CVE-2025-10966", - "epss": 0.00017, - "percentile": 0.03217, - "date": "2026-01-07" + "cve": "CVE-2025-15224", + "epss": 0.00049, + "percentile": 0.15464, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15224", + "cwe": "CWE-287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -4898,7 +6323,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-10966", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } @@ -4933,27 +6358,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -4966,27 +6466,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -4995,44 +6495,119 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "curl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2025-15079", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079", + "id": "CVE-2013-4392", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cvss": [], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0021000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15079", - "dataSource": "nvd", + "id": "CVE-2013-4392", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2013-4392", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Low", + "urls": [ + "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "https://bugzilla.redhat.com/show_bug.cgi?id=859060" + ], + "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 3.4, + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2013-4392", + "epss": 0.00042, + "percentile": 0.12562, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2013-4392", + "cwe": "CWE-59", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5040,27 +6615,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15079", + "vulnerabilityID": "CVE-2013-4392", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } @@ -5069,39 +6644,87 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2025-15079", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15079", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], "fix": { "versions": [], "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0010500000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "nvd", + "id": "CVE-2025-15079", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-15079.html", + "https://curl.se/docs/CVE-2025-15079.json", + "https://hackerone.com/reports/3477116", + "http://www.openwall.com/lists/oss-security/2026/01/07/6" + ], + "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.7, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15079", + "epss": 0.00021, + "percentile": 0.04516, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15079", + "cwe": "CWE-297", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -5120,7 +6743,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2025-15079", "versionConstraint": "none (unknown)" } } @@ -5155,27 +6778,90 @@ }, { "vulnerability": { - "id": "CVE-2025-13034", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13034", + "id": "CVE-2026-22185", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22185", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0009 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13034", - "dataSource": "nvd", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + ], + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "cvss": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03771, + "date": "2026-01-21" + } + ], + "cwes": [ + { + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + } + ] } ], "matchDetails": [ @@ -5188,27 +6874,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-13034", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -5217,39 +6903,75 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2025-14524", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14524", + "id": "CVE-2025-10966", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10966", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.0007499999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14524", - "dataSource": "nvd", + "id": "CVE-2025-10966", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-10966.html", + "https://curl.se/docs/CVE-2025-10966.json", + "https://hackerone.com/reports/3355218", + "http://www.openwall.com/lists/oss-security/2025/11/05/2" + ], + "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-10966", + "epss": 0.00015, + "percentile": 0.02254, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -5268,7 +6990,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14524", + "vulnerabilityID": "CVE-2025-10966", "versionConstraint": "none (unknown)" } } @@ -5303,27 +7025,62 @@ }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2025-14017", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14017", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Negligible", "urls": [], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cvss": [], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0 + "risk": 0.00035 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "nvd", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" + ], + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00351, + "date": "2026-01-21" + } + ] } ], "matchDetails": [ @@ -5342,7 +7099,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2025-14017", "versionConstraint": "none (unknown)" } } @@ -5384,8 +7141,17 @@ "urls": [], "cvss": [], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], "risk": 0 @@ -5417,7 +7183,10 @@ }, "found": { "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], @@ -5608,7 +7377,7 @@ }, "descriptor": { "name": "grype", - "version": "0.99.1", + "version": "0.105.0", "configuration": { "output": [ "json" @@ -5728,7 +7497,6 @@ "registry": { "insecure-skip-tls-verify": false, "insecure-use-http": false, - "auth": null, "ca-cert": "" }, "show-suppressed": false, @@ -5738,6 +7506,7 @@ }, "name": "", "default-image-pull-source": "", + "from": null, "vex-documents": [], "vex-add": [], "match-upstream-kernel-headers": false, @@ -5771,87 +7540,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-08T00:28:13Z_1767860413.tar.zst?checksum=sha256%3A3831560fcba7c10b4c8ce536588b20f023c260e0d2cda6f386aebb58ac0f50dd", - "built": "2026-01-08T08:20:13Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", + "built": "2026-01-22T06:16:48Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-08T00:28:20Z", - "input": "xxh64:4eae1d77b8a0f455" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:73fce9af6b3fd365" }, "alpine": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:b361abf7a40b0e6d" + "captured": "2026-01-22T00:33:14Z", + "input": "xxh64:b84a37728d892129" }, "amazon": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:a4b5bb2a8afcf298" + "captured": "2026-01-22T00:33:20Z", + "input": "xxh64:9b0390dcb293f703" + }, + "arch": { + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:ac05cb722795d7ed" }, "bitnami": { - "captured": "2026-01-08T00:28:28Z", - "input": "xxh64:bac34ffc84202b23" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:e2895469b256c4dc" }, "chainguard": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:d84cc662ae2c0a6e" + "captured": "2026-01-22T00:33:11Z", + "input": "xxh64:9770a23f4fd9fdd2" }, "chainguard-libraries": { - "captured": "2026-01-08T00:28:25Z", - "input": "xxh64:3af5187a5f98f5a7" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:a1966f5dc209b4f4" }, "debian": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:b2f782015298d706" + "captured": "2026-01-22T00:33:23Z", + "input": "xxh64:06da4ecaa6c412fe" }, "echo": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:dd6d3ba09b3e2281" + "captured": "2026-01-22T00:33:09Z", + "input": "xxh64:c8eaeb167d56e35d" }, "epss": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:bd78c1523cf47001" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:650a874923fa6bef" }, "github": { - "captured": "2026-01-08T00:28:27Z", - "input": "xxh64:0c76e4fbdec1f0cf" + "captured": "2026-01-22T00:33:18Z", + "input": "xxh64:7501366322f70c74" }, "kev": { - "captured": "2026-01-08T00:28:17Z", - "input": "xxh64:1a5e1c45f0168b38" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:474b6b1929d15ab4" }, "mariner": { - "captured": "2026-01-08T00:28:22Z", - "input": "xxh64:91502050ca2abd36" + "captured": "2026-01-22T00:33:16Z", + "input": "xxh64:b6982fbf34410a67" }, "minimos": { - "captured": "2026-01-08T00:28:26Z", - "input": "xxh64:9bba9b9ce5837ff2" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8b364bf6ebcd17e1" }, "nvd": { - "captured": "2026-01-08T00:32:21Z", - "input": "xxh64:e596fa1a169a9a0f" + "captured": "2026-01-22T00:37:26Z", + "input": "xxh64:c70d9d3f646984e5" }, "oracle": { - "captured": "2026-01-08T00:28:18Z", - "input": "xxh64:78a3b002ed7400c3" + "captured": "2026-01-22T00:33:17Z", + "input": "xxh64:d8684a53ad1547e1" }, "rhel": { - "captured": "2026-01-08T00:29:07Z", - "input": "xxh64:cf1fe711df9cc8ec" + "captured": "2026-01-22T00:34:11Z", + "input": "xxh64:6be0e5e3aef59942" }, "sles": { - "captured": "2026-01-08T00:28:34Z", - "input": "xxh64:e4a189158aff5b9f" + "captured": "2026-01-22T00:33:33Z", + "input": "xxh64:aa3b4327337d57be" }, "ubuntu": { - "captured": "2026-01-08T00:28:14Z", - "input": "xxh64:88cc7a68e341eac0" + "captured": "2026-01-22T00:33:43Z", + "input": "xxh64:672ddaa9a6e637e0" }, "wolfi": { - "captured": "2026-01-08T00:28:13Z", - "input": "xxh64:4c401f64a92daf07" + "captured": "2026-01-22T00:33:13Z", + "input": "xxh64:8f95c8e5312fcfb4" } } } diff --git a/docs/security/oss/grype-4.2.2.md b/docs/security/oss/grype-4.2.2.md index acde877..c617994 100644 --- a/docs/security/oss/grype-4.2.2.md +++ b/docs/security/oss/grype-4.2.2.md @@ -5,24 +5,30 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | +| libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | fluent-bit | 4.2.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | -| libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | -| libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | -| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | +| libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | @@ -41,13 +47,12 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libk5crypto3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Unknown | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Unknown | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Unknown | +| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown |